MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bbb3c68240e69552a21b9fc649cf9a2686d26ad9297d8745ec7ba7afcd0fc9dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat: unknown
Vendor detections: 7

SHA256 hash: bbb3c68240e69552a21b9fc649cf9a2686d26ad9297d8745ec7ba7afcd0fc9dd
SHA3-384 hash: 2552d7443840b4761028ea7a055f4e06658f439a081e8fc8be391c9db0ea233854645d1f339bfd4fa136c2902847a00b
SHA1 hash: fece4c968c28f10849f7708346842a4c844aa5d3
MD5 hash: 4a4d26599ba12e48de5310d2b789ef90
humanhash: crazy-ten-kilo-floor
File name: virussign.com_4a4d26599ba12e48de5310d2b789ef90
File size: 3'393'656 bytes
First seen: 2022-07-15 14:43:52 UTC
Last seen: 2024-07-24 20:52:28 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 00be6e6c4f9e287672c8301b72bdabf3 (116 x RedLineStealer, 70 x AsyncRAT, 55 x AgentTesla)
ssdeep: 98304:C5zgfx9C7H5O1Wy8GgZ5samBLz2aj352a0GV027Zk:C9SsZJ/cBdzIa0GV06k
Threatray: 1'583 similar samples on MalwareBazaar
TLSH: T19EF512C1EDA042B9E6A10F3149A5F6351B6D3FF0FE24B14EE394F8658F718D0E215A92
TrID:
  53.5% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39)
  39.8% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
  2.1% (.EXE) Win64 Executable (generic) (10523/12/4)
  1.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  1.0% (.EXE) Win16 NE executable (generic) (5038/12/1)
dhash icon: 78e4cad0e6a6b8d8
Reporter: KdssSupport
Tags: exe signed

Code Signing Certificate

Organisation: Audials AG
Issuer: Sectigo RSA Code Signing CA
Algorithm: sha256WithRSAEncryption
Valid from: 2020-06-25T00:00:00Z
Valid to: 2022-06-25T23:59:59Z
Serial number: a569bab9ac20297b5291a114d9dd84a3
Thumbprint Algorithm: SHA256
Thumbprint: a63a8ad555ced687c3a0eddb213904503b30be1644ca57350d12a3d8e9e6a5b1
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

KdssSupport
Uploaded with API

Intelligence

File Origin
# of uploads: 2
# of downloads: 143
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:

Behaviour:
Creating a window
Searching for the window
Creating synchronization primitives
Searching for synchronization primitives
Creating a file in the %temp% subdirectories
Creating a process from a recently created file
DNS request
Sending an HTTP GET request
Creating a file
Sending an HTTP POST request
Sending a custom TCP request
Unauthorized injection to a recently created process

Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour:
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware overlay packed setupapi.dll shdocvw.dll shell32.dll
Result
Verdict: MALICIOUS
Details:
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Unpacked files

SHA256 hash: 7a19c4182633252bc777a3c86a8bc8774a38ef7070078813583b243e3df30264
MD5 hash: bb58274b6ca80bf66e5a9c15d5516333
SHA1 hash: ff26fa3a11a75a63c9263e73b4c4abf475a9db7a

SHA256 hash: 9b0a6d2881dab1767701d4e1e1cc51bff4a4554f252b2e5fbbabfbe1e8bc398c
MD5 hash: a0b72c4bd987aae4739cbd258c5ab17c
SHA1 hash: ccd50220545f1266ce1eccc2c396338841d8025a

SHA256 hash: 4e62f03db9be690a7ee3d8f260cdbd312a3c088d5c60af1e0eea64d744893073
MD5 hash: a61edecb5b692aa8174ee5982900e983
SHA1 hash: 4eeb066ac40e9c00db3ce740ee9d021e857f5a0a

SHA256 hash: b98f212f1317d1671a053baadee08f9ae5a2c3ac57f288c156a82008fa2a0c42
MD5 hash: df478a0d20e7603375667f58c98ae61c
SHA1 hash: 060b63db639abbb8ce398c1f12d5fe134b73010b

SHA256 hash: d51eedc8f5ee772e266337c91f5ad5090ebdefdcf3df2f8950284dad9970153c
MD5 hash: 969db926d70496db270cf0d2900ab8f5
SHA1 hash: 016bfd7da029005b30532e59efdb90a86634a651

SHA256 hash: bbb3c68240e69552a21b9fc649cf9a2686d26ad9297d8745ec7ba7afcd0fc9dd (this sample)
MD5 hash: 4a4d26599ba12e48de5310d2b789ef90
SHA1 hash: fece4c968c28f10849f7708346842a4c844aa5d3

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: pdb_YARAify
Author: @wowabiy314
Description: PDB

Rule name: Sectigo_Code_Signed
Description: Detects code signed by the Sectigo RSA Code Signing CA
Reference: https://bazaar.abuse.ch/export/csv/cscb/

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Executable exe bbb3c68240e69552a21b9fc649cf9a2686d26ad9297d8745ec7ba7afcd0fc9dd (this sample)
Delivery method: Distributed via web download