MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb470d77087518ed7bc53ca624806c265ae2485d40ec212acc2559720940fb27. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cb470d77087518ed7bc53ca624806c265ae2485d40ec212acc2559720940fb27
SHA3-384 hash: f8b527ea148505b645993656866c3f059b03b6250484b516ce77cbff6a7999dc192d6559ca70b8446e6611372aa9397d
SHA1 hash: d9d40cb3e2fe05cf223dc0b592a592c132340042
MD5 hash: 83863beee3502e42ced7e4b6dacb9eac
humanhash: low-skylark-artist-grey
File name:cb470d77087518ed7bc53ca624806c265ae2485d40ec212acc2559720940fb27.exe
Download: download sample
File size:1'635'112 bytes
First seen:2023-04-22 01:05:58 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 01c1fa6b7b1ef3853014170a206e5f32
ssdeep 6144:lkxsldgbztkAzkAZqrEdrEAZUCwFjNNJKa:lkxsluNPqrEdrEBd
TLSH T11B759882B93DEC63FD9C38F0C886AD583C0D3E9666AF34AF357AF65994339109680D15
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon 59a88d8c6a4a0118 (9 x CobaltStrike, 3 x PureCrypter, 1 x RemcosRAT)
Reporter spatronn2
Tags:exe signed

Code Signing Certificate

Organisation:Microsoft Corporation
Issuer:Microsoft Code Signing PCA 2010
Algorithm:sha256WithRSAEncryption
Valid from:2020-12-15T21:24:20Z
Valid to:2021-12-02T21:24:20Z
Serial number: 33000003de8d56825af1a4a9670000000003de
Thumbprint Algorithm:SHA256
Thumbprint: 22a3c23e08c7dbb4e7f4591e58c04285c0514c2894e3c418ad157d817d7edf3c
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
203
Origin country :
TR TR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
d1455c42553fab54e78c874525c812aaefb1f3cc69f9c314649bd6e4e57b9fa9.iso
Verdict:
Suspicious activity
Analysis date:
2023-04-22 01:25:41 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4dcb6d3d-d8e7-483a-8bc9-48ac2560efe7

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/384086/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/80849/overview
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
Verdict:
Unknown
Threat level:
n/a  -.1/10
Confidence:
100%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/644332fb90012911b698e99b/reports/12198d0f-700b-46c0-9df3-82cc313e06e8/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/cb470d77087518ed7bc53ca624806c265ae2485d40ec212acc2559720940fb27
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/a37cf9f1-5ff6-4261-9945-3376e1390a24
Result
Threat name:
n/a
Detection:
suspicious
Classification:
n/a
Score:
36 / 100
Link:
https://www.joesandbox.com/analysis/1218970
Signature
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cb470d77087518ed7bc53ca624806c265ae2485d40ec212acc2559720940fb27/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zndq25yioumo266fhstcjadmeznoesc5idwcckwmevmxecka7mtq._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/230422-bf3z8adc31/
Unpacked files
SH256 hash:
cb470d77087518ed7bc53ca624806c265ae2485d40ec212acc2559720940fb27
MD5 hash:
83863beee3502e42ced7e4b6dacb9eac
SHA1 hash:
d9d40cb3e2fe05cf223dc0b592a592c132340042
Link:
https://www.unpac.me/results/3fccd750-029a-457c-b7e1-c23376826184/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/cb470d77087518ed7bc53ca624806c265ae2485d40ec212acc2559720940fb27

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BitcoinAddress
Create hunting rule
Author:Didier Stevens (@DidierStevens)
Description:Contains a valid Bitcoin address
Rule name:pdb_YARAify
Create hunting rule
Author:@wowabiy314
Description:PDB
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/384086/

Comments