MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ceba09dc5368ded2d7d5b62bd36fdecbd47aee8f3219abfd2ca32f31b0eba7b0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ceba09dc5368ded2d7d5b62bd36fdecbd47aee8f3219abfd2ca32f31b0eba7b0
SHA3-384 hash: b13178883648071698e9d3894bb9d4a764f9faf59d203ab6ba79bca776ed274a0bc1df7f418233472fe89009fda84e40
SHA1 hash: 146a1e3d28dc53805af0dc105b4b4d0232dfa1d8
MD5 hash: 97e9bd85aad231de56b05e9872ffb2f6
humanhash: music-early-potato-texas
File name:ceba09dc5368ded2d7d5b62bd36fdecbd47aee8f3219abfd2ca32f31b0eba7b0
Download: download sample
File size:3'595'375 bytes
First seen:2020-09-08 12:17:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9bff8da1d90c0229d0d07bc65980358e (1 x CobaltStrike)
ssdeep 98304:cR9jK6tmDv4phqvBfmhwnJB6Fi4CnotnbtFWbFg:gjxhqv1bn3GvVB/
TLSH 61F5336AEA608DCEC03116346AF3C03E1537107A67D1DEE897CD93E126F67397219D2A
Reporter JAMESWT_WT
Tags:47.240.45.183

Intelligence

File Origin
# of uploads :
1
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/57884/
Detection(s):
SecuriteInfo.com.BackDoor.Meterpreter.96.20261.9228.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Connection attempt
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ceba09dc5368ded2d7d5b62bd36fdecbd47aee8f3219abfd2ca32f31b0eba7b0/
Threat name:
Win64.Trojan.Shelma
Create hunting rule
Status:
Malicious
First seen:
2020-04-07 23:19:42 UTC
File Type:
PE+ (Exe)
Extracted files:
213
AV detection:
11 of 31 (35.48%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/200908-kdk9ydj296/
Behaviour
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ceba09dc5368ded2d7d5b62bd36fdecbd47aee8f3219abfd2ca32f31b0eba7b0

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:suspicious_packer_section
Create hunting rule
Author:@j0sm1
Description:The packer/protector section names/keywords
Reference:http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://twitter.com/malwrhunterteam/status/1303301068730834945?s=20
Cape
Cape
https://www.capesandbox.com/analysis/57884/

Comments