MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 beb9059e40b486f2ef402a33437703b3ed820748bc2e7ad9638734b75d8f30fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SpectreRAT


Vendor detections: 12


Intelligence 12 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: beb9059e40b486f2ef402a33437703b3ed820748bc2e7ad9638734b75d8f30fc
SHA3-384 hash: 143013f2206f3d12ee98b529dc8c1fe9f2961c49e70f43dd25f19e368605fe1b123a24683dfe27d932cad7d8df810436
SHA1 hash: 16269319577509bbb9208e587c1c4237ba51a8b0
MD5 hash: 408040dfce12313d04d8220ec0bb9245
humanhash: burger-delta-bakerloo-lima
File name:408040dfce12313d04d8220ec0bb9245.exe
Download: download sample
Signature SpectreRAT
Create hunting rule
File size:1'478'144 bytes
First seen:2022-02-02 09:27:11 UTC
Last seen:2022-02-02 13:10:16 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 70ac2274bd7363c65fb5e19281953500 (1 x SpectreRAT)
ssdeep 24576:/Q4JWs81BdPNrwxY/FBIw1RGeI1oSA7r9P21mKZl5gxjxkEaHNYK3yY:/GVOY/M8RGxyhrJhkClxNaj
TLSH T1B76533E3BCC1AA80F04F4D79195324FA40985F2853D3366FAD936017A65E89389B937F
Reporter abuse_ch
Tags:exe SpectreRAT


Avatar
abuse_ch
SpectreRAT C2:
http://alligatorsviolottabackyard.top/v4/api_t.php

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
http://alligatorsviolottabackyard.top/v4/api_t.php https://threatfox.abuse.ch/ioc/375500/

Intelligence

File Origin
# of uploads :
3
# of downloads :
163
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
https://gitlab.com/prolivbebra/sdasdasdafdgaswdfds/-/raw/main/adsasdasdasd.exe
Verdict:
Malicious activity
Analysis date:
2022-01-13 03:41:33 UTC
Tags:
opendir trojan loader
Link:
https://app.any.run/tasks/ecb676d6-b9b6-4dbc-9bd1-e2c324bbb0fa

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Spectre
Create hunting rule
Link:
https://www.capesandbox.com/analysis/229911/
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
DNS request
Sending an HTTP GET request
Creating a window
Creating a file in the %AppData% subdirectories
Sending an HTTP POST request
Running batch commands
Creating a process with a hidden window
Creating a process from a recently created file
Using the Windows Management Instrumentation requests
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed spectre
Link:
https://www.filescan.io/uploads/61fa4ea7a0f6a794b33322c9/reports/1d10151d-f179-42af-9810-f376ae6b35a8/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/8860c7ea-98cb-48b0-90e7-d1fecd1f89c9
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/932642
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/beb9059e40b486f2ef402a33437703b3ed820748bc2e7ad9638734b75d8f30fc/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-01-12 12:56:17 UTC
File Type:
PE (Exe)
AV detection:
31 of 43 (72.09%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=x24qlhsawsdpf32afizug5ydwpwyeb2ixqxhvwldq42loxmpgd6a._file
Verdict:
malicious
Gathering data
Unpacked files
SH256 hash:
768fbd48140f6da2ecc590fb5985b57f2341f684039a74a4fc82ea0be309a523
MD5 hash:
f9477edff350630fd17b3d98900b37f5
SHA1 hash:
39c5187be510bcc2decadb78ea810b3656f78e66
Detections:
win_spectre_w0
Create hunting rule
Link:
https://www.unpac.me/results/a1d025a1-eff8-42c0-891d-093114ef4a21/
SH256 hash:
beb9059e40b486f2ef402a33437703b3ed820748bc2e7ad9638734b75d8f30fc
MD5 hash:
408040dfce12313d04d8220ec0bb9245
SHA1 hash:
16269319577509bbb9208e587c1c4237ba51a8b0
Link:
https://www.unpac.me/results/a1d025a1-eff8-42c0-891d-093114ef4a21/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/beb9059e40b486f2ef402a33437703b3ed820748bc2e7ad9638734b75d8f30fc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

SpectreRAT

Executable exe beb9059e40b486f2ef402a33437703b3ed820748bc2e7ad9638734b75d8f30fc

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2023812/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/229911/

Comments