MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb393daf400b3417fdd00e65698a3fdb977cd41cc1df894b630b271ddb4769df. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bb393daf400b3417fdd00e65698a3fdb977cd41cc1df894b630b271ddb4769df
SHA3-384 hash: 49028e8dddee5c7f097bf42e5942688c7154881cf5f6af9ac988ef99561a9f9e6a80e8225ac29db78a1c409112d98914
SHA1 hash: 5f08e2d33fc791929e29ad5b93a319453c3583a9
MD5 hash: 525c930b348f58ecdaf03b08c1a91495
humanhash: leopard-failed-zulu-leopard
File name:VSL Q88.scr
Download: download sample
File size:17'920 bytes
First seen:2023-01-25 10:28:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 384:gdO0vPqnnphy83JqGq3HLBhoksn1VRi2J2kcQ5Yi:gdnPqnnph53J3q3rBJsnMkcS
Threatray 1'194 similar samples on MalwareBazaar
TLSH T1FD823A26769C1220C1D7CB7EE9FBEB4002E4D2919547F99EB024238D1A033FAC5E5AC9
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10523/12/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4505/5/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Reporter cocaman
Tags:exe scr

Intelligence

File Origin
# of uploads :
1
# of downloads :
192
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
VSL Q88.scr
Verdict:
Malicious activity
Analysis date:
2023-01-25 10:31:05 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/7d2fbd3e-9e05-454e-8726-d0ffb58dd08d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/356676/
Detection(s):
SecuriteInfo.com.Win32.RATX-gen.24327.23795.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Sending an HTTP GET request
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/63d10473447edb203a00e623/reports/10e59545-1b28-4a1d-901b-f3c204659702/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Formbook
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/32032e97-28df-4bca-b8f9-725a51584aef
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1158609
Signature
.NET source code contains potential unpacker
Antivirus detection for URL or domain
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bb393daf400b3417fdd00e65698a3fdb977cd41cc1df894b630b271ddb4769df/
Threat name:
ByteCode-MSIL.Trojan.Tnega
Create hunting rule
Status:
Malicious
First seen:
2023-01-24 13:11:36 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
19 of 26 (73.08%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xm4t3l2abm2bp7oqbzswtcr73olxzva4yhpyss3dbmtr3w2hnhpq._file
Verdict:
malicious
Similar samples:
30f3eecdbc1298dc6ba731ffc775390ee61b2bda813ba8f7763c9c39293ce33c
5cdc6ad4ef4e82c8926e74345d5feb5e6bc509917531c8f1a4e9846742d429bf
5fd0f81bd06b45d4db78cae537594cf704f1cbf5259242279ac011cffa0d4baf
67b7f66025b6098025886ec925046c49b07ef843184c8c2e9df74cfff9eb8987
7d78760bb50c4e3b9f29c9d507b8c593a8497eda54285358c948577f27c71820
944e677d882ba25d76f5d990f9c3dac64b21d6310dd23874a7ae9467b81a5712
98921f90bcc299a77bab8db2d42281bc833e4951d7cb7437060ecf5b36a02d94
db29e46a00783cde39989459c59012331558105ed1c0de921ad0f296f3a1d2bf
f552aa73f8676e36d8a3c31cae3a875f39e50cb4ee332b4349e8cb39ea55cf31
+ 1'184 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230125-mh8t2afg26/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
bb393daf400b3417fdd00e65698a3fdb977cd41cc1df894b630b271ddb4769df
MD5 hash:
525c930b348f58ecdaf03b08c1a91495
SHA1 hash:
5f08e2d33fc791929e29ad5b93a319453c3583a9
Link:
https://www.unpac.me/results/b251f888-91c2-47bb-a3a7-2c2e008db3c1/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/bb393daf400b3417fdd00e65698a3fdb977cd41cc1df894b630b271ddb4769df

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

rar 3c3a0a24c9dc7ee7cb4a86ef7e113b9835d4dc2c69b915e9d16f68f99799e4c9

Executable exe bb393daf400b3417fdd00e65698a3fdb977cd41cc1df894b630b271ddb4769df

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 3c3a0a24c9dc7ee7cb4a86ef7e113b9835d4dc2c69b915e9d16f68f99799e4c9
Cape
Cape
https://www.capesandbox.com/analysis/356676/
  
Dropped by
MD5 4b717baf6a9b0c219b44bc5eabc821e2

Comments