MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b4f9561c4596cd81a4b2d50a34e77e97d836f0c39f995add8db5685bac4f1408. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b4f9561c4596cd81a4b2d50a34e77e97d836f0c39f995add8db5685bac4f1408
SHA3-384 hash: ad4bc0c81a13e03944e7bf620715f4afa46b2faf833f819874a45d86202092f33622adb39c3f7e7e1831a04b4c2ae4d8
SHA1 hash: 058a68f91c0f2f4d25d0cd9f76efd4f01ef2a8b0
MD5 hash: f818c94731971f8c84bdec56ff49577d
humanhash: neptune-whiskey-helium-white
File name:Install discord.exe
Download: download sample
File size:2'001'312 bytes
First seen:2022-05-08 12:03:53 UTC
Last seen:2022-05-08 12:32:59 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 5a594319a0d69dbc452e748bcf05892e (21 x ParallaxRAT, 20 x Gh0stRAT, 15 x NetSupport)
ssdeep 24576:b4nXubIQGyxbPV0db26AqO8st1LscGFXagMAGyWTH8bVF58Mzafcv0If:bqe3f6k8E1LsRFK7ADF5f+U
Threatray 164 similar samples on MalwareBazaar
TLSH T14095BF7B7228A03FC45A0A3259B3B2F05C7B7A51AC168C5ACFF4094DDF668601E3EE15
TrID 61.8% (.EXE) Inno Setup installer (109740/4/30)
23.4% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
5.9% (.EXE) Win64 Executable (generic) (10523/12/4)
2.5% (.EXE) Win32 Executable (generic) (4505/5/1)
1.6% (.MZP) WinArchiver Mountable compressed Archive (3000/1)
File icon (PE):PE icon
dhash icon b4554d53365c5cb2
Reporter JaffaCakes118
Tags:exe signed

Code Signing Certificate

Organisation:APELSIN LLC
Issuer:Sectigo Public Code Signing CA R36
Algorithm:sha384WithRSAEncryption
Valid from:2022-02-09T00:00:00Z
Valid to:2023-02-09T23:59:59Z
Serial number: 8639f7efa769f8accaf6c17912c7b9fc
Intelligence: 2 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: b086854c909540073ecad80053ba640b8db09f071cb01f222b1749bcba64a08f
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
255
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Install discord.exe
Verdict:
Malicious activity
Analysis date:
2022-05-08 11:59:35 UTC
Tags:
installer opendir
Link:
https://app.any.run/tasks/f0de809e-b60d-4e38-ab15-16390095fd1f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/269345/
Detection(s):
PUA.Win.Packer.Exe-6
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Searching for synchronization primitives
DNS request
Connecting to a non-recommended domain
Sending an HTTP GET request
Moving a file to the %temp% subdirectory
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/16713/overview
Behaviour
MalwareBazaar
CheckNumberOfProcessor
CheckCmdLine
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
control.exe expand.exe overlay packed setupapi.dll shell32.dll
Link:
https://www.filescan.io/uploads/6277b1c7d4bfd83491c206b5/reports/f97308bb-9ad2-4c9c-978e-8103489dc70f/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/09d299b0-e26a-4b7d-9434-042439bd4dc4
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
n/a
Score:
26 / 100
Link:
https://www.joesandbox.com/analysis/989747
Signature
Multi AV Scanner detection for submitted file
Obfuscated command line found
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b4f9561c4596cd81a4b2d50a34e77e97d836f0c39f995add8db5685bac4f1408/
Threat name:
Win32.PUA.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-05-02 18:33:02 UTC
File Type:
PE (Exe)
AV detection:
4 of 26 (15.38%)
Threat level:
  1/5
Verdict:
suspicious
Similar samples:
216b9c35ce0b737fd5e636071925b930e15089b93290b0bc81530007b3c77192
49d0d2a3b58255fd7c36dacc34c5ef977187f2e1ecc8cfd4cf0e35c47824fa8b
595e1545c53d27fb1315e70b241e66f44b28a49be59a717ca4936d167e121470
6fe99e1ad9f91735ffecf032c4bc4f57a16a21f104a34442381b23b259fd9c9c
9d4f9aac1933e09f5ab82d1e247c77e624be93d086a81caf116af28555ddcc3c
d2205532e27cf8ae9dbc0a62fdf3fca598f5fa8f9cc948bec49df54b0b8a8cd6
+ 154 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220508-n8kqkaccfr/
Behaviour
Modifies system certificate store
Suspicious use of WriteProcessMemory
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
2c7af40057eb6e1b3903e176d25a05e020e8ebeeda0b2e170daafd42346043e2
MD5 hash:
748d888780f79f303b4c9575cd9f54ef
SHA1 hash:
8e25f0775b779ebf2827cfc2e109e97d30ae2b7d
Link:
https://www.unpac.me/results/927464d0-8d2d-44a9-b12e-92b21724e3c7/
SH256 hash:
e661d09d17593a6a347f41e4c799588ddd40edd3ca764e6a99a5cf981914e300
MD5 hash:
751f10dd5a624b23557ab9c8f355e020
SHA1 hash:
883360bcb8b17a23b3c9f8ab6bcb880920d02ca6
Link:
https://www.unpac.me/results/927464d0-8d2d-44a9-b12e-92b21724e3c7/
SH256 hash:
b4f9561c4596cd81a4b2d50a34e77e97d836f0c39f995add8db5685bac4f1408
MD5 hash:
f818c94731971f8c84bdec56ff49577d
SHA1 hash:
058a68f91c0f2f4d25d0cd9f76efd4f01ef2a8b0
Link:
https://www.unpac.me/results/927464d0-8d2d-44a9-b12e-92b21724e3c7/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/b4f9561c4596cd81a4b2d50a34e77e97d836f0c39f995add8db5685bac4f1408

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe b4f9561c4596cd81a4b2d50a34e77e97d836f0c39f995add8db5685bac4f1408

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/269345/

Comments