MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb025003b58ee61c3d6805cd3974844ca21224c8fd64c0678b19864453137a58. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bb025003b58ee61c3d6805cd3974844ca21224c8fd64c0678b19864453137a58
SHA3-384 hash: 6c9d1d6af5464139f876827165debe63c8f3bb86cd237b1044c27421d095aabd840750b4237f2a830b57b16eec76502b
SHA1 hash: 0d5882dc300fcec47db1b48d774311cba4f80932
MD5 hash: 24c4788a737cda143d0edac9c711994d
humanhash: comet-blue-illinois-delta
File name:24c4788a737cda143d0edac9c711994d.exe
Download: download sample
File size:376'832 bytes
First seen:2021-08-25 12:02:08 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ef471c0edf1877cd5a881a6a8bf647b9 (83 x Formbook, 33 x Loki, 31 x Loda)
ssdeep 6144:l4XrK9PX7Fp6Gh2wWRGl0EDDf1PisZQ5rAGQwg1QtP1f4paaYlsdcaMJEdbI0Pzs:eXe9PPlowWX0t6mOQwg1Qd15CcYk0We8
Threatray 1'069 similar samples on MalwareBazaar
TLSH T1D084124548C4CCA6E729B371D0B3CF9819757832CCD56B689758EA2EB870243B853E6F
dhash icon aae2f3e38383b629 (2'034 x Formbook, 1'183 x CredentialFlusher, 666 x AgentTesla)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
131
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
VpskOperation_98830049.xlsx
Verdict:
Malicious activity
Analysis date:
2021-08-25 11:53:43 UTC
Tags:
encrypted opendir exploit CVE-2017-11882 loader
Link:
https://app.any.run/tasks/1b1b28ff-9ba6-4c46-9803-cf0125342f48

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/182306/
Detection(s):
PUA.Win.Packer.Upolyx-12
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
DNS request
Connection attempt
Sending a custom TCP request
Sending a UDP request
Sending an HTTP GET request
Creating a file in the %temp% directory
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/c4a3c27c-e4de-429d-a5e3-929f62f9c422
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/839021
Signature
AutoIt script contains suspicious strings
Multi AV Scanner detection for submitted file
Yara detected Generic Dropper
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bb025003b58ee61c3d6805cd3974844ca21224c8fd64c0678b19864453137a58/
Threat name:
Win32.Downloader.Zenlod
Create hunting rule
Status:
Malicious
First seen:
2021-08-25 12:02:22 UTC
AV detection:
13 of 28 (46.43%)
Threat level:
  3/5
Verdict:
malicious
Similar samples:
0557e333f1847ac02b825363cb78ea97cf53f3a0cae253830572c89c8dec01ed
089e8696eff20b84e89e801127624dada3b321b0523d45cb648d437af4271716
16475b2dabce04660e1f6127adf54827b7cf024f4cded92b9be6e07c85ae7a89
29a8a708880ca187202112de47bed915bf9fd0e64cab0d08a839b7ede6c16506
378a43b4576b7d9a7bf424295f83cee901ad8347351285a3dc0708d78312a4cc
3c60a213817ebd39736a7697167aa4c1acedb10d1a8656662b70b2f1fc327ad7
68815fd1b30680f0810f01b9d651b31995e2dbce667d2e2a785eab4c1e56765c
a4651a13c5c1ad76aa985712a38891333b3bdf02a46ed619aabcbfcbfd0ddb5e
a4c035de8a4edb11a8cfaef2f2f8326d8909578cf9d5a5534edd4eb9d5a50680
f8292298f2fe8d14012c0c6d4b98ef47d38dfb0e8e359a81fbcfd338d915dfbb
+ 1'059 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/210825-8n2t91hfp2/
Behaviour
Modifies system certificate store
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
209fc9d70d3c5faa4dfe06baac0f23fef7bca328cb239ceb3b831252ad6182ce
MD5 hash:
39c77e2e8056b5b8569c23d1432acfe0
SHA1 hash:
14de852eb997cc40809ec91c1c8bac2829f2972b
Link:
https://www.unpac.me/results/4c67824a-1f1e-4b88-9ed9-469e556a69d7/
SH256 hash:
bb025003b58ee61c3d6805cd3974844ca21224c8fd64c0678b19864453137a58
MD5 hash:
24c4788a737cda143d0edac9c711994d
SHA1 hash:
0d5882dc300fcec47db1b48d774311cba4f80932
Link:
https://www.unpac.me/results/4c67824a-1f1e-4b88-9ed9-469e556a69d7/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.85
Link:
https://yomi.yoroi.company/submissions/bb025003b58ee61c3d6805cd3974844ca21224c8fd64c0678b19864453137a58

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe bb025003b58ee61c3d6805cd3974844ca21224c8fd64c0678b19864453137a58

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1560712/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/182306/

Comments