MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c50553b262fcae812720a5cfb9b1646eabfcc88d4658e3cfcb78c3d33539c23b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c50553b262fcae812720a5cfb9b1646eabfcc88d4658e3cfcb78c3d33539c23b
SHA3-384 hash: ae6f2fb5306cd2342f16052b208201722ba09ff1a4711a9a424d42731ff5a68a4a02c4ff0c320b8923f8ab911c2fb4a9
SHA1 hash: 3482d2f3cde595c22ef743568053d0720b8180f4
MD5 hash: d9bea4251a1a7b4748a95b84876dc615
humanhash: mockingbird-kansas-cardinal-green
File name:SecuriteInfo.com.Variant.Tedy.225777.2410.30518
Download: download sample
File size:6'144 bytes
First seen:2022-10-25 09:23:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0b708168a42db2851ec2ffac91ed7821
ssdeep 96:3KZQyLhEoUjvgVGU+2JW4F0pYEW+4oyn0Tv9ukbXx:WQym+GU+P4F0pYF+4oyn04
Threatray 122 similar samples on MalwareBazaar
TLSH T146C1F71BA64004C7FB1D8AF0033B483CDA7F9F23071102F368A3D98597F9B813812A5A
TrID 31.9% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
25.3% (.SCR) Windows screen saver (13101/52/3)
12.7% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
9.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.6% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
192
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
formbook
Create hunting rule
ID:
1
File name:
REF344266679_pdf.exe
Verdict:
Malicious activity
Analysis date:
2022-10-25 03:41:00 UTC
Tags:
formbook trojan stealer
Link:
https://app.any.run/tasks/7afe23d8-9dea-4812-83b1-7f95575b2b6d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/323884/
Detection(s):
SecuriteInfo.com.Variant.Tedy.225777.2410.30518.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/45330/overview
Behaviour
MalwareBazaar
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/8ca9b72e-36ac-4512-8019-049256ef6e9b
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1097393
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c50553b262fcae812720a5cfb9b1646eabfcc88d4658e3cfcb78c3d33539c23b/
Threat name:
Win32.Trojan.GenericML
Create hunting rule
Status:
Malicious
First seen:
2022-10-24 09:22:48 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
21 of 26 (80.77%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yucvhmtc7sxicjzauxh3tmlen2v7zsenizmoht6lpdb5gnjzyi5q._file
Verdict:
malicious
Similar samples:
12c5688e077824b181e38335ed2d314c7775c5b31012092e717ba7ba952d36c9
160fc8e97dd1545ee53b9baf403ecd0d6dd354ca08bb1817d34a9cfe49300bc9
1e1044a5fca7d725f705b74d85e178a89ad0b35e061a2dde278e765f584ec710
57e9ce8a8b2ed57e367fe58657005e73fd3bd1d13ad7de0a70b9bd46656737f8
6888e194060bb08654695e493067e6bdc3dc2054e87a2eb03f4024fd331197c7
6cfd1167777006598f5eb5d1c08e1434aefe606dfd983c683a8f14639d56d053
+ 112 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/221025-lc2m4acbdn/
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/428687a8-91ec-4ee4-bfce-8a2581f6fafd
Unpacked files
SH256 hash:
c50553b262fcae812720a5cfb9b1646eabfcc88d4658e3cfcb78c3d33539c23b
MD5 hash:
d9bea4251a1a7b4748a95b84876dc615
SHA1 hash:
3482d2f3cde595c22ef743568053d0720b8180f4
Link:
https://www.unpac.me/results/32649a25-4083-443b-99b2-297b3476f2e7/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/c50553b262fcae812720a5cfb9b1646eabfcc88d4658e3cfcb78c3d33539c23b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/323884/

Comments