MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b58e40f673d446170b786c8cd3f8013d23e2c2a124f33228fc4c33f5ea6fa160. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b58e40f673d446170b786c8cd3f8013d23e2c2a124f33228fc4c33f5ea6fa160
SHA3-384 hash: f1361b9c9119882a5f0c5f6462d5b6f1bdc07ddb0bccbe64147439e4ae5d3917f57e00115dcb045e458f6dfb2dea33a1
SHA1 hash: 6d1295a82900210708c670ba0c0e2ad0c8ee54ee
MD5 hash: 082cf14e33c42c3926921dcba254bcb3
humanhash: lithium-mars-kansas-delta
File name:082cf14e33c42c3926921dcba254bcb3
Download: download sample
File size:307'712 bytes
First seen:2021-08-18 02:52:12 UTC
Last seen:2021-08-18 04:08:10 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash eb816bdcb34642ae497d2f004d3c6914 (3 x RedLineStealer, 1 x DanaBot, 1 x Smoke Loader)
ssdeep 3072:szZHwnMnR8oEFiyChHWnl676dcc8J/OtpAeLvrFwiVMteHHBNiADRuQuKT0yB3ek:sFLnnrySHWk7mRtpzZwleHhnlG3/Y
Threatray 27 similar samples on MalwareBazaar
TLSH T10E64E0123590EA72CD8601704472F7E49E69B931EF614157338C3FAFAF703A1766A39A
dhash icon 10367c7872767636 (1 x RaccoonStealer, 1 x RedLineStealer, 1 x DanaBot)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
100
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
082cf14e33c42c3926921dcba254bcb3
Verdict:
Malicious activity
Analysis date:
2021-08-18 02:53:30 UTC
Tags:
trojan
Link:
https://app.any.run/tasks/743f3a21-f63d-489c-99d3-91b0a01deff5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/180181/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware2.26772.20911.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Launching the default Windows debugger (dwwin.exe)
DNS request
Creating a process from a recently created file
Creating a process with a hidden window
Creating a window
Connection attempt
Sending an HTTP GET request
Sending a UDP request
Launching a file downloaded from the Internet
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/93569117-e182-417f-8504-f269101a988a
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/834841
Signature
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: System File Execution Location Anomaly
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b58e40f673d446170b786c8cd3f8013d23e2c2a124f33228fc4c33f5ea6fa160/
Threat name:
Win32.Trojan.Zenpak
Create hunting rule
Status:
Malicious
First seen:
2021-08-18 02:53:06 UTC
AV detection:
22 of 46 (47.83%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
1446cc6d77e26bfbdcfbf276b07f1bafcb189c632a0d64bd00a592709ec7113a
1cdddf182f161ab789edfcc68a0706d0b8412a9ba67a3f918fe60fab270eabff
1ebe6f3a9469996e6440bd80b89e7628601d0b56ff8eb887ae64108144d64af7
268c3b1f3ca8e8064b11c5b8f107d186aebefb7c53b8ff8d74f4a51d9029bfaf
29b6472345fb0eaf95759b22e748fc893ea0537c79fecb9ff4fdfb70d642dc88
3474885d8a6ef157d6e9893df6c81bcb8273a1f438d641b4a9324ab3823b6539
8f2789b6a628a92f9f6313305b255c405f867c49161bb864263dcfef5a6f712d
b7e83ed67328384c54066b0d41926b0828b31d8f56c3a6d36d3ca7bc543f6e6e
c57fbe5d0712b881c1e13d232f39bda8bbdd17d2b91213fab204d94f1a56e4c6
f4061f8c3a11c9a7fd8e0d1d213594cbdcbe85aa1ab02ac8c76f6897e1f9ef02
+ 17 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210818-nk66czwv46/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
22a5bd295e53d5fed61ee5c44dfe2e3c0dfcfc7c9c8fb484bac2042a1e9436bb
MD5 hash:
b0d8a58d3b68a9d32bc85e7099249220
SHA1 hash:
c5287bb191f5bc6555512e2d370f84c591f1c6bb
Link:
https://www.unpac.me/results/5a9038dc-5516-474b-8ace-fc9ddd47f012/
SH256 hash:
b58e40f673d446170b786c8cd3f8013d23e2c2a124f33228fc4c33f5ea6fa160
MD5 hash:
082cf14e33c42c3926921dcba254bcb3
SHA1 hash:
6d1295a82900210708c670ba0c0e2ad0c8ee54ee
Link:
https://www.unpac.me/results/5a9038dc-5516-474b-8ace-fc9ddd47f012/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b58e40f673d446170b786c8cd3f8013d23e2c2a124f33228fc4c33f5ea6fa160

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe b58e40f673d446170b786c8cd3f8013d23e2c2a124f33228fc4c33f5ea6fa160

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1529939/
  
URLhaus
https://urlhaus.abuse.ch/url/1524012/
  
URLhaus
https://urlhaus.abuse.ch/url/1525305/
  
URLhaus
https://urlhaus.abuse.ch/url/1523998/
Cape
Cape
https://www.capesandbox.com/analysis/180181/

Comments


Avatar
zbet commented on 2021-08-18 02:52:13 UTC

url : hxxp://193.56.146.55/Api/GetFile3/