MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b7a8e474125b7815ae34e84c7f80271bb80911c4532f58b2a3bbffc574f29505. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: b7a8e474125b7815ae34e84c7f80271bb80911c4532f58b2a3bbffc574f29505
SHA3-384 hash: 74d838c250e04d62b7eb114606d7baca715f0ddaf2f1fcfd38aaffafbca772a530d6c6ef96985693a324408bf11090f2
SHA1 hash: 04787e3d4105a1e20773b293f1c40a410837c7f0
MD5 hash: 9c7a0b469fad339fcd0db43d2ad5de69
humanhash: papa-yellow-west-don
File name: 9c7a0b469fad339fcd0db43d2ad5de69.exe
File size: 273'379 bytes
First seen: 2022-03-09 15:16:24 UTC
Last seen: 2022-03-09 17:27:50 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash 61259b55b8912888e90f516ca08dc514 (1'059 x Formbook, 741 x AgentTesla, 427 x GuLoader)
ssdeep 6144:lYa6PKZOuE1SDIssGilA+XG4LC0g4XAiGCIH6h2izocdy:lYtKZOd0DQGixXJeOXAiQYdy
Threatray 1'397 similar samples on MalwareBazaar
TLSH T1A044121A72C5C053EE7616318DBD86AE3FF4F89D0544972F2751AA68B8732818F2C7E1
dhash icon c4dadadad2f492c2 (25 x GuLoader, 14 x RemcosRAT, 7 x AgentTesla)
Reporter abuse_ch
Tags: exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 188
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Creating a window
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
MalwareBazaar
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: control.exe overlay packed shell32.dll
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature
Multi AV Scanner detection for submitted file
Behaviour
Threat name: Win32.Downloader.GuLoader
Status: Malicious
First seen: 2022-03-09 15:17:09 UTC
File Type: PE (Exe)
Extracted files: 21
AV detection: 10 of 27 (37.04%)
Threat level: 3/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Enumerates physical storage devices
Unpacked files
SHA256 hash: b7a8e474125b7815ae34e84c7f80271bb80911c4532f58b2a3bbffc574f29505
MD5 hash: 9c7a0b469fad339fcd0db43d2ad5de69
SHA1 hash: 04787e3d4105a1e20773b293f1c40a410837c7f0
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe b7a8e474125b7815ae34e84c7f80271bb80911c4532f58b2a3bbffc574f29505

(this sample)

  
Delivery method
Distributed via web download
