MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cd04a3c0863345df4cba89dd6dec6bc8e3328f77cf47965f8e7771b2b803ae54. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 8 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cd04a3c0863345df4cba89dd6dec6bc8e3328f77cf47965f8e7771b2b803ae54
SHA3-384 hash: b8948f15e68e85904376019cae2589f940599088db5bf640825846091d5f8b8c10425c5b6d94734e9059bb2e1b150134
SHA1 hash: 5b9b7f4db8fcc9dc8fd134f6d6de08ecc0bea728
MD5 hash: 11c9d3b36ffe20ecf66831d9939a6569
humanhash: maryland-magnesium-item-lithium
File name:11c9d3b36ffe20ecf66831d9939a6569.exe
Download: download sample
File size:566'983 bytes
First seen:2024-02-14 04:40:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ba1e4acaec55cde35f1ac06de1bc3a54
ssdeep 12288:znVOh9tuO1NOSVSXTAiNR9P8Kvyl9dO42/irwwewYzoSy+uqxXN:zVO/tumUSVSXTbZPbvyl9rcBIaf
TLSH T18CC42333924489F7C88A49748A261434AE7FFC2479C1265FF2DAF53FDE37B102A84196
TrID 35.7% (.EXE) UPX compressed Win32 Executable (27066/9/6)
35.0% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
8.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.9% (.EXE) Win32 Executable (generic) (4504/4/1)
File icon (PE):PE icon
dhash icon aae8cc9aba9490e9
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
None C2:
191.248.177.208:15833

Intelligence

File Origin
# of uploads :
1
# of downloads :
354
Origin country :
NL NL
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/476073/
Detection(s):
Win.Trojan.Agent-684491
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
emotet fingerprint hook keylogger lolbin overlay packed packed packed shell32 upx
Link:
https://www.filescan.io/uploads/65cc445ebef28d0c6fb7c4fb/reports/e81669a4-bfdd-4696-873c-938e4eca16dc/overview
Verdict:
Malicious
Labled as:
Malware
Link:
https://www.hybrid-analysis.com/sample/cd04a3c0863345df4cba89dd6dec6bc8e3328f77cf47965f8e7771b2b803ae54
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/176c0412-67d8-4290-a890-b93d09cb9959
Result
Threat name:
n/a
Detection:
suspicious
Classification:
n/a
Score:
39 / 100
Link:
https://www.joesandbox.com/analysis/1391901
Signature
Creates autostart registry keys with suspicious names
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
76%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/cd04a3c0863345df4cba89dd6dec6bc8e3328f77cf47965f8e7771b2b803ae54
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cd04a3c0863345df4cba89dd6dec6bc8e3328f77cf47965f8e7771b2b803ae54/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zuckhqeggnc56tf2rhow33dlzdrtfd3xz5dzmx4oo5y3foadvzka._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  7/10
Tags:
persistence upx
Link:
https://tria.ge/reports/240214-fa359aae35/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Adds Run key to start application
UPX packed file
Unpacked files
SH256 hash:
c828baaeb7c900a91a48143b31d8e9cb4607d5872f2396f543adc8d41c50929a
MD5 hash:
506d2dd28324f0d3b0cb54ba9350d17a
SHA1 hash:
bb6453d1bcc81ff8a60fe8a8e631f36fe6b3b904
Link:
https://www.unpac.me/results/78ca8e4b-be2d-4e69-a8a3-406f4a6eee16/
SH256 hash:
cd04a3c0863345df4cba89dd6dec6bc8e3328f77cf47965f8e7771b2b803ae54
MD5 hash:
11c9d3b36ffe20ecf66831d9939a6569
SHA1 hash:
5b9b7f4db8fcc9dc8fd134f6d6de08ecc0bea728
Link:
https://www.unpac.me/results/78ca8e4b-be2d-4e69-a8a3-406f4a6eee16/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cd04a3c0863345df4cba89dd6dec6bc8e3328f77cf47965f8e7771b2b803ae54

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants
Rule name:SHA512_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA384/SHA512 constants
Rule name:UPX293300LZMAMarkusOberhumerLaszloMolnarJohnReiser
Create hunting rule
Author:malware-lu
Rule name:UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser
Create hunting rule
Author:malware-lu
Rule name:UPXv20MarkusLaszloReiser
Create hunting rule
Author:malware-lu

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/476073/

Comments