MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cfe0ce3795f3c45d3945d05c010f35e08e42036045e41aa3cf63cb1fb32d2ca6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cfe0ce3795f3c45d3945d05c010f35e08e42036045e41aa3cf63cb1fb32d2ca6
SHA3-384 hash: 18f2a8e9c40d338b5b6ae2ecc69de924a40366b8e2464d940d9977a3e969ae02aece2ec1f624c6a01643ef21ebd40e8b
SHA1 hash: 0b45d36ff85b24d55f230de28994908e5049fe5d
MD5 hash: 1646d439aa79da8fa23036ca11e3a633
humanhash: cold-comet-quiet-juliet
File name:IMG-110021110.exe
Download: download sample
File size:120'832 bytes
First seen:2023-04-14 17:37:29 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 3072:RftygMOvHcyhICAkHZckDfVQPJ/WWXVC:4e9Ak5b
Threatray 66 similar samples on MalwareBazaar
TLSH T19BC39307BE9E85B9CF855736C4FE61002761DE41E623CB0A3E9A33660B737EE9945207
TrID 56.5% (.EXE) Win64 Executable (generic) (10523/12/4)
11.0% (.ICL) Windows Icons Library (generic) (2059/9)
10.9% (.EXE) OS/2 Executable (generic) (2029/13)
10.7% (.EXE) Generic Win/DOS Executable (2002/3)
10.7% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon 4f8faaacacaaa90f
Reporter Anonymous
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
241
Origin country :
CH CH
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
IMG-110021110.img
Verdict:
No threats detected
Analysis date:
2023-04-13 13:30:09 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/87bfc62d-e839-4361-9df3-4f8e6c97d982

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/382321/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.66393317.8764.29203.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Using the Windows Management Instrumentation requests
Creating a file
Launching a process
Launching the default Windows debugger (dwwin.exe)
Enabling autorun by creating a file
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
fareit
Link:
https://www.filescan.io/uploads/64398f7bf4a1f6ede14ecba9/reports/3be21bd0-1222-4a56-a041-68d7a2f74d5f/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/cfe0ce3795f3c45d3945d05c010f35e08e42036045e41aa3cf63cb1fb32d2ca6
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/a5d629eb-3e70-48d8-a5bb-cd64fac39a07
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/1214092
Signature
Antivirus detection for URL or domain
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Uses dynamic DNS services
Uses the Telegram API (likely for C&C communication)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cfe0ce3795f3c45d3945d05c010f35e08e42036045e41aa3cf63cb1fb32d2ca6/
Threat name:
ByteCode-MSIL.Trojan.Tnega
Create hunting rule
Status:
Malicious
First seen:
2023-04-13 16:26:09 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
3
AV detection:
14 of 24 (58.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=z7qm4n4v6pcf2okf2boacdzv4cheea3aixsbvi6pmpfr7mznfsta._file
Verdict:
malicious
Similar samples:
159d98362df9853029651ed00cc363dbada760b2427150ffa23e7827e205b882
255b221e4d9e29dc80a8cf0d95c52e29b4b1f6fcbd467a19e0d7dc7689a07f86
50ed2d8e8d8d0509b7eb41eb7dd0b510b1d74d0fd283eccca2764a79c4e55493
57ba6e0a9c0804c9a3d239dc6fb2a6742f3a91b762741772dd3571e1cbec45f8
67449f4373d558c5e67053ccef4c40508fb185044e1143e51ebf6e5e1e6fb7e2
71b1e17a2aa5eb3f0c6b51671ad2a1bc705042152c4ab74db3e15d4e5a68d0d8
c0ee259c92c30dcd710e13a44ec8899aa527998ab2431d1e4cb1de94db939718
c49581276fbe902d0ec614fb7aea1aeb35ee356af07f7e84fd6cac5ec2511b6e
cadf95355bd6ea18fdd3555ea3f85d102f40b3df0dc36b332f9ad8b505105f6e
+ 56 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230414-v7prfscd7t/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Uses Task Scheduler COM API
Program crash
Unpacked files
SH256 hash:
cfe0ce3795f3c45d3945d05c010f35e08e42036045e41aa3cf63cb1fb32d2ca6
MD5 hash:
1646d439aa79da8fa23036ca11e3a633
SHA1 hash:
0b45d36ff85b24d55f230de28994908e5049fe5d
Link:
https://www.unpac.me/results/1aa7a1af-1f00-4c49-bab1-1016b58a01e3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cfe0ce3795f3c45d3945d05c010f35e08e42036045e41aa3cf63cb1fb32d2ca6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe cfe0ce3795f3c45d3945d05c010f35e08e42036045e41aa3cf63cb1fb32d2ca6

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/382321/

Comments