MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ba26e8891650d628be2c1ecba0da7c5f73623818da427da719d566dea725f546. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA 5 File information Comments

SHA256 hash:	ba26e8891650d628be2c1ecba0da7c5f73623818da427da719d566dea725f546
SHA3-384 hash:	7b47eba6d752074b27d5329006cb5a7661f90173f50a6c6af3ae0ecc269f1ab70a1823959dd24f59f0ce58d3733cb0bb
SHA1 hash:	a8055318e367766c512661a272b9aac78cba6075
MD5 hash:	f5a27edd1c7ed14eb2ddb0ba51a02450
humanhash:	finch-california-kitten-finch
File name:	当月佣金结算.exe
Download:	download sample
File size:	3'432'803 bytes
First seen:	2023-07-07 09:44:38 UTC
Last seen:	2023-07-07 12:23:15 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	1ff847646487d56f85778df99ff3728a (4 x RedLineStealer, 3 x Nitol, 2 x Gh0stRAT)
ssdeep	98304:O06FOznLo0+Dd6uxcLK6qlOPF7rJ3kUN3:O3F6n80W6uGL3q27Vkq
Threatray	29 similar samples on MalwareBazaar
TLSH	T14DF52345F362C4B1E46780B488918B66CB733C225775C6DB1BE5AA7F1F233D09A36326
TrID	68.0% (.CPL) Windows Control Panel Item (generic) (197083/11/60) 10.7% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 9.1% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4) 3.6% (.EXE) Win64 Executable (generic) (10523/12/4) 2.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
File icon (PE):
dhash icon	fadadac2a2b8c4e4 (11 x Nitol, 2 x Amadey, 2 x AgentTesla)
Reporter	obfusor
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

267

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

当月佣金结算.exe

Verdict:

No threats detected

Analysis date:

2023-07-07 09:47:15 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/c44af0af-7c41-4f47-a2e8-e1281d5582db

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/410457/

Detection(s):

MiscreantPunch.SingleXOR.EXE.7.UNOFFICIAL

SecuriteInfo.com.BackDoor.IRC.Bot.4560.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for synchronization primitives

Creating a window

Sending a custom TCP request

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/96254/overview

Behaviour

MalwareBazaar

MeasuringTime

SystemUptime

EvasionGetTickCount

CheckCmdLine

EvasionQueryPerformanceCounter

Gathering data

Verdict:

Suspicious

Labled as:

Confidence_95

Link:

https://www.hybrid-analysis.com/sample/ba26e8891650d628be2c1ecba0da7c5f73623818da427da719d566dea725f546

Result

Verdict:

SUSPICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/3d4a31a0-a495-4b93-acd6-cd25a4c9919e

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/1269085

Signature

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ba26e8891650d628be2c1ecba0da7c5f73623818da427da719d566dea725f546/

Threat name:

Win32.Backdoor.Farfli

Status:

Malicious

First seen:

2023-07-07 09:45:07 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

11 of 24 (45.83%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=xitorciwkdlcrprmd3f2bwt4l5zweoay3jbh3jyz2vtn5jzf6vda._file

Verdict:

unknown

1e7ed9a8dd2e513ace96352932af722d1c3c88641b97f8f59a50774ef1dc31ea

24612d672e37bb6e47a89202b9a442b94eb7a353aa899746621c0c15389ab4f5

583d8351de707ac2b46a2fb9fd9ee31056ad7a83b9fea10df5f3e5e46f890b92

61d451ce5a169591bd4e8633c9030a8afb54027e66dbae6127984caa48bc2568

6f325f597152d05729febea8dd2077cf68efff4abfe593f4cf633baf06e35b57

7ce3b6378d4515a232cdbc3ed69c80f05236ae72ce868ea49dfa1353fd1da53d

827349ef926486d692dec5158ac66fcc27ec6f628f759f1cb23814f50f93ab88

ac2776e3263b66f68353ec62113742e5b045f92da733866a7952673df4b1c45a

dc4f19e5e4dc8fcc3c4ef23408bb2786351dbc4c6d68fd8f882bcbdf52211ff3

+ 19 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/230707-lq3sbahc51/

Unpacked files

SH256 hash:

6c35f3baedd5f8b93320325924fb7bef2dcbefb950b370ff6ecad0b34199a8ba

MD5 hash:

03db138fba4f1a617da9d5e3626e5f27

SHA1 hash:

f13bf5a084eb03be34ef18fdc527b7a9c745d54e

Link:

https://www.unpac.me/results/dc660a63-aed7-494c-b027-3644cf032783/

SH256 hash:

1d5eac4440755b424eca75b8e68abe4eb525eb212eefab30cbc153dd12a281d2

MD5 hash:

865bb84a0ec166dcb296e6dab1873c7e

SHA1 hash:

3f7097d138a4712a6adc12e02e350e2691b685f0

Link:

https://www.unpac.me/results/dc660a63-aed7-494c-b027-3644cf032783/

SH256 hash:

43729907cfa8c89f654114c498dbb7b8922a46d687306eadda2285edef3a115f

MD5 hash:

8ddc67952a314d63383e868b3af05f0e

SHA1 hash:

e2718460721c3c4b98ebaa6284c153b2b92eccdd

Link:

https://www.unpac.me/results/dc660a63-aed7-494c-b027-3644cf032783/

SH256 hash:

bfb88c3e29dbe6aa52db640d5e8e176bf8bf6ab94a5d49481134686838ec571e

MD5 hash:

811fd6c22a16bb47abd80f8ecf45ed11

SHA1 hash:

50eb1ea97e74edf4385847255433769327baaf9e

Link:

https://www.unpac.me/results/dc660a63-aed7-494c-b027-3644cf032783/

SH256 hash:

6c35f3baedd5f8b93320325924fb7bef2dcbefb950b370ff6ecad0b34199a8ba

MD5 hash:

03db138fba4f1a617da9d5e3626e5f27

SHA1 hash:

f13bf5a084eb03be34ef18fdc527b7a9c745d54e

Link:

https://www.unpac.me/results/dc660a63-aed7-494c-b027-3644cf032783/

SH256 hash:

1d5eac4440755b424eca75b8e68abe4eb525eb212eefab30cbc153dd12a281d2

MD5 hash:

865bb84a0ec166dcb296e6dab1873c7e

SHA1 hash:

3f7097d138a4712a6adc12e02e350e2691b685f0

Link:

https://www.unpac.me/results/dc660a63-aed7-494c-b027-3644cf032783/

SH256 hash:

43729907cfa8c89f654114c498dbb7b8922a46d687306eadda2285edef3a115f

MD5 hash:

8ddc67952a314d63383e868b3af05f0e

SHA1 hash:

e2718460721c3c4b98ebaa6284c153b2b92eccdd

Link:

https://www.unpac.me/results/dc660a63-aed7-494c-b027-3644cf032783/

SH256 hash:

bfb88c3e29dbe6aa52db640d5e8e176bf8bf6ab94a5d49481134686838ec571e

MD5 hash:

811fd6c22a16bb47abd80f8ecf45ed11

SHA1 hash:

50eb1ea97e74edf4385847255433769327baaf9e

Link:

https://www.unpac.me/results/dc660a63-aed7-494c-b027-3644cf032783/

SH256 hash:

6c35f3baedd5f8b93320325924fb7bef2dcbefb950b370ff6ecad0b34199a8ba

MD5 hash:

03db138fba4f1a617da9d5e3626e5f27

SHA1 hash:

f13bf5a084eb03be34ef18fdc527b7a9c745d54e

Link:

https://www.unpac.me/results/dc660a63-aed7-494c-b027-3644cf032783/

SH256 hash:

1d5eac4440755b424eca75b8e68abe4eb525eb212eefab30cbc153dd12a281d2

MD5 hash:

865bb84a0ec166dcb296e6dab1873c7e

SHA1 hash:

3f7097d138a4712a6adc12e02e350e2691b685f0

Link:

https://www.unpac.me/results/dc660a63-aed7-494c-b027-3644cf032783/

SH256 hash:

43729907cfa8c89f654114c498dbb7b8922a46d687306eadda2285edef3a115f

MD5 hash:

8ddc67952a314d63383e868b3af05f0e

SHA1 hash:

e2718460721c3c4b98ebaa6284c153b2b92eccdd

Link:

https://www.unpac.me/results/dc660a63-aed7-494c-b027-3644cf032783/

SH256 hash:

bfb88c3e29dbe6aa52db640d5e8e176bf8bf6ab94a5d49481134686838ec571e

MD5 hash:

811fd6c22a16bb47abd80f8ecf45ed11

SHA1 hash:

50eb1ea97e74edf4385847255433769327baaf9e

Link:

https://www.unpac.me/results/dc660a63-aed7-494c-b027-3644cf032783/

SH256 hash:

6c35f3baedd5f8b93320325924fb7bef2dcbefb950b370ff6ecad0b34199a8ba

MD5 hash:

03db138fba4f1a617da9d5e3626e5f27

SHA1 hash:

f13bf5a084eb03be34ef18fdc527b7a9c745d54e

Link:

https://www.unpac.me/results/dc660a63-aed7-494c-b027-3644cf032783/

SH256 hash:

1d5eac4440755b424eca75b8e68abe4eb525eb212eefab30cbc153dd12a281d2

MD5 hash:

865bb84a0ec166dcb296e6dab1873c7e

SHA1 hash:

3f7097d138a4712a6adc12e02e350e2691b685f0

Link:

https://www.unpac.me/results/dc660a63-aed7-494c-b027-3644cf032783/

SH256 hash:

43729907cfa8c89f654114c498dbb7b8922a46d687306eadda2285edef3a115f

MD5 hash:

8ddc67952a314d63383e868b3af05f0e

SHA1 hash:

e2718460721c3c4b98ebaa6284c153b2b92eccdd

Link:

https://www.unpac.me/results/dc660a63-aed7-494c-b027-3644cf032783/

SH256 hash:

bfb88c3e29dbe6aa52db640d5e8e176bf8bf6ab94a5d49481134686838ec571e

MD5 hash:

811fd6c22a16bb47abd80f8ecf45ed11

SHA1 hash:

50eb1ea97e74edf4385847255433769327baaf9e

Link:

https://www.unpac.me/results/dc660a63-aed7-494c-b027-3644cf032783/

SH256 hash:

ba26e8891650d628be2c1ecba0da7c5f73623818da427da719d566dea725f546

MD5 hash:

f5a27edd1c7ed14eb2ddb0ba51a02450

SHA1 hash:

a8055318e367766c512661a272b9aac78cba6075

Link:

https://www.unpac.me/results/dc660a63-aed7-494c-b027-3644cf032783/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/ba26e8891650d628be2c1ecba0da7c5f73623818da427da719d566dea725f546

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	cobalt_strike_tmp01925d3f Create hunting rule
Author:	The DFIR Report
Description:	files - file ~tmp01925d3f.exe
Reference:	https://thedfirreport.com

Rule name:	meth_get_eip Create hunting rule
Author:	Willi Ballenthin

Rule name:	meth_stackstrings Create hunting rule
Author:	Willi Ballenthin

Rule name:	PE_Potentially_Signed_Digital_Certificate Create hunting rule
Author:	albertzsigovits

Rule name:	QbotStuff Create hunting rule
Author:	anonymous

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/410457/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample