MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd330e0b19219332489e32cb870185225d030a118e23606eff6514fdc7ee1463. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 5

SHA256 hash: bd330e0b19219332489e32cb870185225d030a118e23606eff6514fdc7ee1463
SHA3-384 hash: bae349a2f680490bf587f3e4dab69c88f8b0887e64f7e63e9ee75dccc1e0b94eb1e2668220f66faaca7cd0a145e7d2e4
SHA1 hash: 1ba68869fdfe67ad65d892d96af25960a1e6336a
MD5 hash: d0b8dbe294f404919e0f95054aff3c33
humanhash: batman-autumn-undress-crazy
File name: X.exe
File size: 14'842'880 bytes
First seen: 2022-02-04 10:23:47 UTC
Last seen: 2022-02-04 12:17:58 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'205 x SnakeKeylogger)
ssdeep: 393216:GV4O4ta4XMY+qa/4YgBZSEOQCoW1fj6aI4:a4O4E4XMt4YgXSe4
TLSH: T196E66B1A76D0CD19E0B5633AC7A248B1736E7C19FE63C7DB25ACBB8938317426C0571A
dhash icon: 71d8b8e4d8e2e471
Reporter: r3dbU7z
Tags: banker exe IRPlan

Intelligence

File Origin
# of uploads: 2
# of downloads: 229
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: X.exe
Verdict: No threats detected
Analysis date: 2022-02-04 10:29:50 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: MALICIOUS

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 52 / 100
Signature:
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Multi AV Scanner detection for submitted file
Behaviour:
Behavior Graph: Gathering data

Threat name: ByteCode-MSIL.Trojan.IRPlan
Status: Malicious
First seen: 2022-02-04 06:27:24 UTC
File Type: PE (.Net Exe)
Extracted files: 458
AV detection: 16 of 28 (57.14%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: persistence
Behaviour:
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Windows directory
Checks computer location settings
Sets service image path in registry
Unpacked files

SHA256 hash: 6c03ca2e17811bb70881003235b521ec09d3aaae2d58c990807a5bf638b02390
MD5 hash: 0084d227b0d1f23bbad36935df6a4069
SHA1 hash: e599047e3769de1e4b09ffebfa8e9d742286443b

SHA256 hash: fa63b7406e89fe0d4e803deff8b30ce285656b8f8d31ffe111b3a441f0510c7e
MD5 hash: 804b90e715fe42e951da3584e6959b25
SHA1 hash: a6d821c9028d7d7c4a8659b9764693b17fcd3dab

SHA256 hash: 6f335b6881409a043c9654baebc829d5089e171b6a0e18744ccc7e95aef599f8
MD5 hash: 6c987a205ef4410634a19519bb620a91
SHA1 hash: 97ac7fb6edff29bde419b92f68717c98fa2b5f88

SHA256 hash: 5d009ea745d4f3eb50c233e702780804da9d44feac5cf6dae56da24979d99d09
MD5 hash: 8d53483312b5baf872c33c476354a804
SHA1 hash: 85e3a108c80e67e1e47f8923c82636df5e009e4b

SHA256 hash: 2abf42160302b0f44ea7dcc2e1c1ef910106df8835b0d94f9ced9428655b89e1
MD5 hash: 351ee62de72b9530deee03c9c68d2a29
SHA1 hash: 59f350893a56df61495392474199fd50c7c58901

SHA256 hash: 468741ac0066b2d5dc49862f532140513187ca7296792d48daa4cd343d1da52f
MD5 hash: 996391120344c06e1974a53660d691a2
SHA1 hash: 50e7d45bac709a00591f1c2a25f837d3bf19d3ba

SHA256 hash: ea7fd75e2bb069699d4da09f3601d70ca8e401f58949178cdbf2c5928720daa1
MD5 hash: 8f6875148b45c300b95514cb40703c2e
SHA1 hash: 0015b8e21d84e0f6f174cf71b63651bad94582df

SHA256 hash: bd330e0b19219332489e32cb870185225d030a118e23606eff6514fdc7ee1463
MD5 hash: d0b8dbe294f404919e0f95054aff3c33
SHA1 hash: 1ba68869fdfe67ad65d892d96af25960a1e6336a
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: Adsterra_Adware_DOM
Author: IlluminatiFish
Description: Detects Adsterra adware script being loaded without the user's consent

Rule name: attack_India

Rule name: BitcoinAddress
Author: Didier Stevens (@DidierStevens)
Description: Contains a valid Bitcoin address

Rule name: INDICATOR_EXE_DotNET_Encrypted
Author: ditekSHen
Description: Detects encrypted or obfuscated .NET executables

Rule name: INDICATOR_EXE_Packed_Dotfuscator
Author: ditekSHen
Description: Detects executables packed with Dotfuscator

Rule name: INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA
Author: ditekSHen
Description: Detects Windows executables referencing non-Windows User-Agents

Rule name: pe_imphash

Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Executable exe bd330e0b19219332489e32cb870185225d030a118e23606eff6514fdc7ee1463 (this sample)
Delivery method: Distributed via web download
