MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cf68ac02858c0053067b47b24338b564aeb92f25310765a2bad8928174285a62. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: cf68ac02858c0053067b47b24338b564aeb92f25310765a2bad8928174285a62
SHA3-384 hash: b6b2a94a519650b9cf76d9e3b8e9d73051cb29b05ca29c78da6f07f8094973e611f147a11426fe74e273aa215b482d14
SHA1 hash: 9bcd1a8c850432dcb0295cb7babe45b147605eb0
MD5 hash: 2236d4ef467885abc841c8abd0f827b9
humanhash: georgia-carpet-vermont-beryllium
File name: main.abc.exe
File size: 33'228'400 bytes
First seen: 2022-04-03 17:41:46 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash d1de500e42d2702177623521d4e86120
ssdeep 786432:QUrKNDNnrCb3G1FLJdPAPELz2auuxFMz7gw2aPxx:Ql+bG1FLJlzcuxFMfgSx
Threatray 1'543 similar samples on MalwareBazaar
TLSH T198773325D5B729DEE48E6136EB485012AA39783C0350862797FE3B1C7C87F6449AF3D8
Reporter unidentified0xc
Tags: exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 648
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a process from a recently created file
Running batch commands
Creating a process with a hidden window
Using the Windows Management Instrumentation requests
Moving a file to the %temp% subdirectory
Creating synchronization primitives
Searching for the window
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug expand.exe overlay packed python shell32.dll
Result
Verdict: MALICIOUS
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 52 / 100
Signature
DLL side loading technique detected
Multi AV Scanner detection for submitted file
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments