MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b4139618f62bdf29a26be0dc4df6d97a60bfc322b44fe5632b0c7645f177a9af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: b4139618f62bdf29a26be0dc4df6d97a60bfc322b44fe5632b0c7645f177a9af
SHA3-384 hash: 108856eb940205e51a764b2228dd0ce87b33555dd95921cd9ff8df5e36aa39b1b2835f45eb48e058ffc1be0e2fde87b8
SHA1 hash: de378294fb05de3d8959985508840ec74056164d
MD5 hash: 35039384ec6f45417d66f87960cb31fb
humanhash: alanine-victor-fifteen-mountain
File name: a552bb6a2bb938f8b0fd83bb1e6eb3b7
File size: 447'510 bytes
First seen: 2020-11-17 15:09:32 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 9d1f0da408c33eebb70b9bfa17b7fddc (4 x njrat, 1 x Jadtre)
ssdeep: 6144:TKtcN67w/EjBkyQRdqGv4T9gV4sCHCoJ903tDN1ey1/UA55LzaBeMYW:TycNQwyBkyidohgWsRoJ+h/e8MEW
Threatray: 37 similar samples on MalwareBazaar
TLSH: A394D06137D4C432D563047189A5D7B0BA35BD742A368A07FBD42E6F7E31BA2CA22743
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Searching for the window
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.Babar
Status: Malicious
First seen: 2020-11-17 15:20:31 UTC
AV detection: 25 of 29 (86.21%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Unpacked files
SHA256 hash: b4139618f62bdf29a26be0dc4df6d97a60bfc322b44fe5632b0c7645f177a9af
MD5 hash: 35039384ec6f45417d66f87960cb31fb
SHA1 hash: de378294fb05de3d8959985508840ec74056164d
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
