MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b4f9561c4596cd81a4b2d50a34e77e97d836f0c39f995add8db5685bac4f1408. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8



SHA256 hash: b4f9561c4596cd81a4b2d50a34e77e97d836f0c39f995add8db5685bac4f1408
SHA3-384 hash: ad4bc0c81a13e03944e7bf620715f4afa46b2faf833f819874a45d86202092f33622adb39c3f7e7e1831a04b4c2ae4d8
SHA1 hash: 058a68f91c0f2f4d25d0cd9f76efd4f01ef2a8b0
MD5 hash: f818c94731971f8c84bdec56ff49577d
humanhash: neptune-whiskey-helium-white
File name: Install discord.exe
File size: 2'001'312 bytes
First seen: 2022-05-08 12:03:53 UTC
Last seen: 2022-05-08 12:32:59 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 5a594319a0d69dbc452e748bcf05892e (21 x ParallaxRAT, 20 x Gh0stRAT, 15 x NetSupport)
ssdeep: 24576:b4nXubIQGyxbPV0db26AqO8st1LscGFXagMAGyWTH8bVF58Mzafcv0If:bqe3f6k8E1LsRFK7ADF5f+U
Threatray: 164 similar samples on MalwareBazaar
TLSH: T14095BF7B7228A03FC45A0A3259B3B2F05C7B7A51AC168C5ACFF4094DDF668601E3EE15
TrID: 61.8% (.EXE) Inno Setup installer (109740/4/30)
      23.4% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
      5.9% (.EXE) Win64 Executable (generic) (10523/12/4)
      2.5% (.EXE) Win32 Executable (generic) (4505/5/1)
      1.6% (.MZP) WinArchiver Mountable compressed Archive (3000/1)
dhash icon: b4554d53365c5cb2
Reporter: JaffaCakes118
Tags: exe signed

Code Signing Certificate

Organisation: APELSIN LLC
Issuer: Sectigo Public Code Signing CA R36
Algorithm: sha384WithRSAEncryption
Valid from: 2022-02-09T00:00:00Z
Valid to: 2023-02-09T23:59:59Z
Serial number: 8639f7efa769f8accaf6c17912c7b9fc
Intelligence: 2 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm: SHA256
Thumbprint: b086854c909540073ecad80053ba640b8db09f071cb01f222b1749bcba64a08f
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 2
# of downloads: 255
Origin country: n/a
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: Install discord.exe
Verdict: Malicious activity
Analysis date: 2022-05-08 11:59:35 UTC
Tags: installer opendir

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Creating synchronization primitives
Searching for synchronization primitives
DNS request
Connecting to a non-recommended domain
Sending an HTTP GET request
Moving a file to the %temp% subdirectory
Sending a custom TCP request
Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour
MalwareBazaar
CheckNumberOfProcessor
CheckCmdLine
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: control.exe expand.exe overlay packed setupapi.dll shell32.dll
Result
Verdict: MALICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 26 / 100
Signature
Multi AV Scanner detection for submitted file
Obfuscated command line found
Threat name: Win32.PUA.Generic
Status: Suspicious
First seen: 2022-05-02 18:33:02 UTC
File Type: PE (Exe)
AV detection: 4 of 26 (15.38%)
Threat level: 1/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Modifies system certificate store
Suspicious use of WriteProcessMemory
Loads dropped DLL
Executes dropped EXE
Unpacked files
SHA256 hash: 2c7af40057eb6e1b3903e176d25a05e020e8ebeeda0b2e170daafd42346043e2
MD5 hash: 748d888780f79f303b4c9575cd9f54ef
SHA1 hash: 8e25f0775b779ebf2827cfc2e109e97d30ae2b7d

SHA256 hash: e661d09d17593a6a347f41e4c799588ddd40edd3ca764e6a99a5cf981914e300
MD5 hash: 751f10dd5a624b23557ab9c8f355e020
SHA1 hash: 883360bcb8b17a23b3c9f8ab6bcb880920d02ca6

SHA256 hash: b4f9561c4596cd81a4b2d50a34e77e97d836f0c39f995add8db5685bac4f1408
MD5 hash: f818c94731971f8c84bdec56ff49577d
SHA1 hash: 058a68f91c0f2f4d25d0cd9f76efd4f01ef2a8b0
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Executable exe b4f9561c4596cd81a4b2d50a34e77e97d836f0c39f995add8db5685bac4f1408 (this sample)
Delivery method: Distributed via web download
