MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf9785883bfcf716ec34d67f9ee4dbee07597b2bd61759b35c3724f469de8609. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bf9785883bfcf716ec34d67f9ee4dbee07597b2bd61759b35c3724f469de8609
SHA3-384 hash: d6779455576897d909b65f49eb22e352f857af5886421933aebd58a8d33e2beaa2ad86557ad000a945ed1700b454ef2d
SHA1 hash: ac854f25763e58c1e760c9ffac1cfd3a366fab42
MD5 hash: 9adca3e4e32b024c9dc07b3d4fe895e6
humanhash: alaska-emma-charlie-march
File name:payload.bin
Download: download sample
File size:114'434 bytes
First seen:2024-01-11 10:27:18 UTC
Last seen:Never
File type:unknown
MIME type:application/octet-stream
ssdeep 3072:1G8hdSiG9vSBUYCFUHuFmOwGvF4Bgq62aMRKXBwLs/:c8XSZcUYCN4BgqggKXAs/
TLSH T1B5B3CFB1FBF3D585C0EAD0B42B4397A3ED313C5C957CBAD6439542173B268A434AE690
Reporter JAMESWT_WT
Tags:194-33-191-248--7287

Intelligence

File Origin
# of uploads :
1
# of downloads :
96
Origin country :
IT IT
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Win32.Agent-BCVC.32398.3395.UNOFFICIAL
Create hunting rule

Verdict:
No Threat
Threat level:
  2.5/10
Confidence:
100%
Tags:
masquerade
Link:
https://www.filescan.io/uploads/659fc2b599da41ccd7cec4a4/reports/6bcdb093-2471-4ffe-8500-39a79db48f5f/overview
Verdict:
Malicious
Labled as:
ShellCode.Donut.Marte.2.Generic
Link:
https://www.hybrid-analysis.com/sample/bf9785883bfcf716ec34d67f9ee4dbee07597b2bd61759b35c3724f469de8609
Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bf9785883bfcf716ec34d67f9ee4dbee07597b2bd61759b35c3724f469de8609/
Threat name:
Win32.Exploit.DonutMarte
Create hunting rule
Status:
Malicious
First seen:
2024-01-11 10:24:36 UTC
File Type:
Binary
AV detection:
7 of 24 (29.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=x6lylcb37t3rn3bu2z7z5zg35ydvs6zl2ylvtm24g4spi2o6qyeq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/bf9785883bfcf716ec34d67f9ee4dbee07597b2bd61759b35c3724f469de8609

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:maldoc_find_kernel32_base_method_1
Create hunting rule
Author:Didier Stevens (https://DidierStevens.com)
Rule name:maldoc_getEIP_method_1
Create hunting rule
Author:Didier Stevens (https://DidierStevens.com)
Rule name:meth_get_eip
Create hunting rule
Author:Willi Ballenthin
Rule name:Windows_Trojan_Donutloader_f40e3759
Create hunting rule
Author:Elastic Security

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

unknown bf9785883bfcf716ec34d67f9ee4dbee07597b2bd61759b35c3724f469de8609

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2748078/
  
Delivery method
Distributed via web download

Comments