MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c23b098a627d1c8449fad6756007c3b2a7ae20c3e70c74bbe4154c8b1651c84e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: c23b098a627d1c8449fad6756007c3b2a7ae20c3e70c74bbe4154c8b1651c84e
SHA3-384 hash: def5aefb6982377148cb2c2932364ee414266492b41c1a59223629b31cffddb7571f10ce95c715e9fc7761ebc1d07dce
SHA1 hash: d7d1ee7455859901c28e0f2a991e71f9524f5af1
MD5 hash: f85a94ef1e9c0dca48dbecb5c8399e07
humanhash: yellow-apart-solar-winter
File name: malware_with_signature_Accelerate Technologies Ltd (29)
File size: 374'696 bytes
First seen: 2020-08-29 08:19:56 UTC
Last seen: 2020-08-29 08:36:50 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 75b883fc692473a6eb7f309e3f1a432d (1 x NetWire)
ssdeep: 6144:EvoSa0snnWYryciR1DyceNSM8hMY76WpR1x/0lb2EsTGPiqt8FYxK:OoJ0snnW2yc5dS1F7Xfyb7WFqXA
Threatray: 8 similar samples on MalwareBazaar
TLSH: EC840206F58B61F1F187283058EBD17B06BBB9378837B4ABFB5D4625A473A42342D12D
Reporter: JAMESWT_WT
Tags: Accelerate Technologies Ltd

Code Signing Certificate

Organisation: Accelerate Technologies Ltd
Issuer: Sectigo RSA Code Signing CA
Algorithm: sha256WithRSAEncryption
Valid from: Mar 7 00:00:00 2020 GMT
Valid to: Mar 4 23:59:59 2021 GMT
Serial number: B3F906E5E6B2CF61C5E51BE79B4E8777
Intelligence: 35 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm: SHA256
Thumbprint: 2B48363D587B11F2726D343E0ED1D76A2E4ADBC4A383C30CDAE41ADE0006B224
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 2
# of downloads: 79
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 56 / 100
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Threat name: Win32.Backdoor.Bezigate
Status: Malicious
First seen: 2020-07-08 16:20:32 UTC
File Type: PE (Exe)
AV detection: 28 of 48 (58.33%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
