MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd53075ac414d8b388be01964a1975c2bf6727bd9d285218baea21b75981cb24. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



DarkGate


Vendor detections: 5



SHA256 hash: bd53075ac414d8b388be01964a1975c2bf6727bd9d285218baea21b75981cb24
SHA3-384 hash: f18559b5c19f8568644a6ad001cc555b218b10d6f7e1a51318ea2d283940bf7aaf651ad4b56d28ce0f89eb4db9edaaff
SHA1 hash: fd9efb4ea2277c6a3d09282e80c4af1bcf32f1b1
MD5 hash: 7326f7a44fd9a29c3d004dffd0367d85
humanhash: arizona-finch-rugby-washington
File name: 1040_document_pdf
Signature: DarkGate
File size: 73'123 bytes
First seen: 2024-03-05 20:37:43 UTC
Last seen: Never
File type: unknown
MIME type: application/octet-stream
ssdeep 384:CsjDqVVIkdD7YXgMwk+Hrj9ow/0z3Y5B18NScSfplezPlT/sfm1Q4ap17cqdIxXg:Cs3uh7YX+FAzYWtSfihTc1k0sS7
TLSH T19D630E057FAD6283C98351F02E8C97450E929E85B86BCF7B94973242D2FAC894F9315F
Reporter: rmceoin


rmceoin
91.92.245.222/Downloads/1040doc_pdf.lnk
lastmodified: Tue, 05 Mar 2024 09:29:11 GMT
LNK -> mshta http://168.100.8.242/dc001/1040_document_pdf -> http://168.100.8.242/dc001/1040documentpdf.vbs

Intelligence


File Origin
# of uploads: 1
# of downloads: 97
Origin country: US

Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: lolbin masquerade shell32

Result
Verdict: MALICIOUS
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: QbotStuff
Author: anonymous

File information


The table below shows additional information about this malware sample such as delivery method and external references.
