MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d37eff5e61865aa3cae865e60c443db13027a1c2a01d24caa00da99b43042c6c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Hive


Vendor detections: 6


Intelligence 6 IOCs YARA 6 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d37eff5e61865aa3cae865e60c443db13027a1c2a01d24caa00da99b43042c6c
SHA3-384 hash: 035a433fbae086867e079cdd27a4dd937b7fe2c06b4d57fd7d56ea629c7d44a7b680441ec81ef0cbaa63503393814162
SHA1 hash: ebf5f2bab4f4af2a2b24f3830c264941f4050eed
MD5 hash: 2de5ca358af5fca6ca7ea2998be25b53
humanhash: batman-ink-coffee-neptune
File name:temp.exe
Download: download sample
Signature Hive
Create hunting rule
File size:4'571'136 bytes
First seen:2022-02-09 11:12:47 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c8027302da1e871739f8c59e6ddb2306 (1 x Hive)
ssdeep 49152:qcDeJrkF5rb/T5vO90dL3BmAFd4A64nsfJUExJr7EETwdWt+Njaz50MFVZDBEABO:qckOdEvdZeGdF/EjsyBSu
Threatray 32 similar samples on MalwareBazaar
TLSH T109263943F99150E5C9EAD230C66E8252BB717888073123D72F61AAB63F76BDC5E78350
Reporter Anonymous
Tags:exe Hive

Intelligence

File Origin
# of uploads :
1
# of downloads :
249
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/239446/
Detection(s):
Win.Trojan.Shelma-9895456-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Сreating synchronization primitives
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Creating a file in the system32 subdirectories
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/6489/overview
Behaviour
MalwareBazaar
CPUID_Instruction
MeasuringTime
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug
Link:
https://www.filescan.io/uploads/6203a1c5c79b424d720aacf1/reports/b389fd63-db5b-4a56-9623-5127188be96c/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Garble
Create hunting rule
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/52a4d038-395e-47f3-bf14-4ab6ac782ae3
Result
Threat name:
Unknown
Detection:
clean
Classification:
n/a
Score:
5 / 100
Link:
https://www.joesandbox.com/analysis/936778
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d37eff5e61865aa3cae865e60c443db13027a1c2a01d24caa00da99b43042c6c/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-02-09 04:07:21 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
8 of 28 (28.57%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2n7p6xtbqznkhsximxtayrb5weycpiocuaosjsvabwuzwqyefrwa._file
Verdict:
unknown
Similar samples:
4d3cf423de6f720602c72cf570b0746e2cafd32083ed77b73dd1efa36eb055a5
Hive
53e95f5ab8f18a70baf702d59c2b308fb998de4cdc06d4d7d30c450e4cdfd4e3
Hive
5cbea0c2d3f18aafe1c3ab60b3d670bcc47e4001f26c8923c3e4735e6964708c
Hive
651d7c6201d1ae3bd43152d499f0fda0a99ab919fdea6c4291863cf9edc3f5c5
Hive
664543a2800a9d4d0ebae4f742350251bb0df2a447a302032c1fe22c7c1e7398
Hive
6cc8e13f66166e615a847f9444a0258b0e7a01fb8e607c49c482b2b4d50cd829
Hive
d708ff93f30255df025e9335dd05fc2f9bd818cb0925d8889d95cb477cfc81f2
Hive
e0fb2a5d5d690e565b3430badf82d97a84b6c3e89dc1a56c53794831f5aa87fe
Hive
e709230351716712a3fc0683afa91a4855f79a07582d317ff8b449278150d4b2
Hive
eb4ed5f6140aa6e26adf5408f9924e5263b9c0fa3b66cec699f7e50eb893537c
Hive
+ 22 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  4/10
Tags:
n/a
Link:
https://tria.ge/reports/220209-nbe4taacek/
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Drops file in Windows directory
Unpacked files
SH256 hash:
d37eff5e61865aa3cae865e60c443db13027a1c2a01d24caa00da99b43042c6c
MD5 hash:
2de5ca358af5fca6ca7ea2998be25b53
SHA1 hash:
ebf5f2bab4f4af2a2b24f3830c264941f4050eed
Link:
https://www.unpac.me/results/d347af7e-94d2-4152-b75c-623e9f2a97b6/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:GoBinTest
Create hunting rule
Rule name:golang
Create hunting rule
Rule name:Golangmalware
Create hunting rule
Author:Dhanunjaya
Description:Malware in Golang
Rule name:HiveRansomware
Create hunting rule
Author:Dhanunjaya
Description:Yara Rule To Detect Hive V4 Ransomware
Rule name:identity_golang
Create hunting rule
Author:Eric Yocam
Description:find Golang malware
Rule name:methodology_golang_build_strings
Create hunting rule
Author:smiller
Description:Looks for PEs with a Golang build ID

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/239446/

Comments