MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bae35f29c9c6122892501ce258a4f06cc321d8768d7963138e7126a6680ca808. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bae35f29c9c6122892501ce258a4f06cc321d8768d7963138e7126a6680ca808
SHA3-384 hash: e34f2da35c7d10032ef4335c8e8042e0a1f87e3020fb71a24cbef969727888aeaf9cb1064bb680ef703e3fae431ffb9e
SHA1 hash: 1afc39a36eda884caf1d2fa036986c9149d02920
MD5 hash: 683c7878b51e43e5c68ca319b13b4847
humanhash: bravo-helium-six-robin
File name:683c7878b51e43e5c68ca319b13b4847
Download: download sample
File size:363'122 bytes
First seen:2022-03-21 10:06:29 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7fa974366048f9c551ef45714595665e (946 x Formbook, 398 x Loki, 261 x AgentTesla)
ssdeep 6144:HGiuQluXV6lG0wT6tKtamF9wStfto1Z+TS0XI2EEUy496Iql6v8mFu0g:VuXSK2tUaoKSt61l0XI20yWql2sp
Threatray 3'895 similar samples on MalwareBazaar
TLSH T1D1741292E2C0C4A6D96203316D37597543A7FDA5E37218DF27A43F782EF71930216AE2
File icon (PE):PE icon
dhash icon 32320802300a0316 (5 x AgentTesla, 2 x SnakeKeylogger, 1 x Loki)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
191
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
B35O-18342.doc
Verdict:
Malicious activity
Analysis date:
2022-03-21 07:10:02 UTC
Tags:
exploit CVE-2017-11882
Link:
https://app.any.run/tasks/0f746b17-0268-43ba-8a17-f83541e3fe3f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/253498/
Detection(s):
Win.Malware.Nymeria-6957980-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a window
Creating a file in the %temp% directory
Creating a process from a recently created file
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control.exe overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/62384e55dfdfa8501cc62b59/reports/bc4754c0-8516-4877-be87-c7a748c84d96/overview
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/55419d10-852a-4be3-8032-be79ad76f6d3
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/960601
Signature
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bae35f29c9c6122892501ce258a4f06cc321d8768d7963138e7126a6680ca808/
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2022-03-21 10:07:08 UTC
File Type:
PE (Exe)
Extracted files:
3
AV detection:
16 of 27 (59.26%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0e2e801a0cc0e4257442d1243a17ae2ec7e7057cdb4a41a899d9aec7eb77cfbb
0f71db9b3323ec4ee05ca87d0f3190de6f8380f94c90c8b2aa27a75ddbb804fd
139afefc28319e5f2d0706268613e6d473be21893b39e7cffb76c1f7711fbee1
2f6e89afd122fb052c5ad063bfe784b854157f9ff99af0a8aae4b7d19641ff61
564ba44d994ab5c2881b64ba2c9e5b444ffea62432853346e1086e4ef9f01a0b
8d08a6736ce2ad51b87e1f3e9577a53abd8ca055fb1d7027b97250cecabee199
926ce819159cfd0a999440d686f655fe92282024f5b44bae1e2db877a603f447
974a753b6be631d76aa556b3eb8c6638783a410bd0fbf6e4982a4ae41cf8c305
+ 3'885 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220321-l5m1eabdhq/
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Windows directory
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
bae35f29c9c6122892501ce258a4f06cc321d8768d7963138e7126a6680ca808
MD5 hash:
683c7878b51e43e5c68ca319b13b4847
SHA1 hash:
1afc39a36eda884caf1d2fa036986c9149d02920
Link:
https://www.unpac.me/results/88f35008-1416-49fa-9868-1b34cb668fae/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.28
Link:
https://yomi.yoroi.company/submissions/bae35f29c9c6122892501ce258a4f06cc321d8768d7963138e7126a6680ca808

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe bae35f29c9c6122892501ce258a4f06cc321d8768d7963138e7126a6680ca808

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/253498/
  
URLhaus
https://urlhaus.abuse.ch/url/2108892/

Comments


Avatar
zbet commented on 2022-03-21 10:06:37 UTC

url : hxxps://blueprogress.org/grace.jpg