MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b697bb69af7e30abffa363e7f266fdeeacc83bf149dbe19ba3cccfabb7afce25. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA 19 File information Comments

SHA256 hash:	b697bb69af7e30abffa363e7f266fdeeacc83bf149dbe19ba3cccfabb7afce25
SHA3-384 hash:	ee097428d47f86871e339710a417953a5a272772aa41acf018c711f1c00bb972687dce02da52891f50e19dbb158ff9ec
SHA1 hash:	e01bb895d0ce6ede89d9f3cdc3d32daa8984e4b7
MD5 hash:	1411e994e018f995c96fc51bf0603be7
humanhash:	river-hotel-fish-wisconsin
File name:	Splunk Grabber.zip
Download:	download sample
File size:	11'829'184 bytes
First seen:	2024-01-19 21:40:46 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	196608:bXLoMmDdnnsgJ8WNEzwvLjv+bhqNVoBmCk5c7GpNlI41J2+Xbk91tlRbbhmN:vo9Ddnnx8oDjL+9qz8mCk+7q3D1JYzbI
TLSH	T112C633A563100DF1D6AAA33E8A264159D773FDB1A354CADB03FC62351E1B4C18C3AF69
TrID	67.7% (.SH3D) Sweet Home 3D design (generic) (10500/1/3) 25.8% (.ZIP) ZIP compressed archive (4000/1) 6.4% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter	e24111111111111
Tags:	LunaLogger zip

Intelligence

File Origin

# of uploads :

# of downloads :

135

Origin country :

File Archive Information

This file archive contains 5 file(s), sorted by their relevance:

File name:	Splunk_Grabber.exe
File size:	11'818'511 bytes
SHA256 hash:	09b7860fd849ccffdeac55c70991b6735adb449095f0a0f164732361b2aab2c2
MD5 hash:	8511ee249b9cebe31c70dcc3d63a63cd
MIME type:	application/x-dosexec

File name:	requirements.txt
File size:	34 bytes
SHA256 hash:	8da636d7647441879ec8051442fa536490eb45305efa7c3396010abc447e1960
MD5 hash:	4bc22dbd188c5704774c028d04e0a6d3
MIME type:	text/plain

File name:	cookie_reformat.py
File size:	530 bytes
SHA256 hash:	b728e24260c69e2c59896f9f2f1c8f78f3d4807e2a84d4527d2abf6ab45e79d0
MD5 hash:	7cc84961f09b62bfe20a6e6f75064bd2
MIME type:	text/plain

File name:	README.md
File size:	3'900 bytes
SHA256 hash:	b4498eb772cea025250084fa5881d981acce52e7363f59f29461be1dddcacb36
MD5 hash:	7359a5844eed001db3e404030f098173
MIME type:	text/plain

File name:	CODE_OF_CONDUCT.md
File size:	5'202 bytes
SHA256 hash:	88504558eb3470566208af69870487d373e6687575e8c9b9863f517f16309d81
MD5 hash:	6d7c9a9ca1d12ab5b70d16119a32fd5f
MIME type:	text/plain

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Win64.Evo-gen.26294.12420.UNOFFICIAL

Verdict:

No Threat

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/65aaec75fbf3a226eec8b95b/reports/e86b4e02-fdcf-4c2f-a4e3-66ab28cb91ca/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/b697bb69af7e30abffa363e7f266fdeeacc83bf149dbe19ba3cccfabb7afce25

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/b697bb69af7e30abffa363e7f266fdeeacc83bf149dbe19ba3cccfabb7afce25

Score:

94%

Verdict:

Malware

File Type:

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	BLOWFISH_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for Blowfish constants

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerCheck__QueryInfo Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerException__ConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerException__SetConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	Glasses Create hunting rule
Author:	Seth Hardy
Description:	Glasses family

Rule name:	GlassesCode Create hunting rule
Author:	Seth Hardy
Description:	Glasses code features

Rule name:	ldpreload Create hunting rule
Author:	xorseed
Reference:	https://stuff.rop.io/

Rule name:	MD5_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for MD5 constants

Rule name:	PyInstaller Create hunting rule
Author:	@bartblaze
Description:	Identifies executable converted using PyInstaller.

Rule name:	RIPEMD160_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for RIPEMD-160 constants

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	SHA1_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA1 constants

Rule name:	SHA512_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA384/SHA512 constants

Rule name:	upxHook Create hunting rule
Author:	@r3dbU7z
Description:	Detect artifacts from 'upxHook' - modification of UPX packer
Reference:	https://bazaar.abuse.ch/sample/6352be8aa5d8063673aa428c3807228c40505004320232a23d99ebd9ef48478a/

Rule name:	vmdetect Create hunting rule
Author:	nex
Description:	Possibly employs anti-virtualization techniques

Rule name:	WHIRLPOOL_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for WhirlPool constants

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

zip b697bb69af7e30abffa363e7f266fdeeacc83bf149dbe19ba3cccfabb7afce25

(this sample)

exe 09b7860fd849ccffdeac55c70991b6735adb449095f0a0f164732361b2aab2c2

Dropping

SHA256 09b7860fd849ccffdeac55c70991b6735adb449095f0a0f164732361b2aab2c2

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample