MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d463ea06006b8bcb47b1af63a5aad98da58e6bd11015be488567c63f533852c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d463ea06006b8bcb47b1af63a5aad98da58e6bd11015be488567c63f533852c7
SHA3-384 hash: 7663ec7115f875664f160d9846dddc25ff7a3ac4bf04fb41533bacf9b4d433e9ef3ac5196bc4a4eee0dd1ee92cb18845
SHA1 hash: f1ed8061980441185bb3b1810b63cf3f1fa16ebd
MD5 hash: a629cefc7c973fdf6b6ee297ca2118b8
humanhash: kentucky-idaho-illinois-uncle
File name:SecuriteInfo.com.Variant.Babar.112901.27529.32760
Download: download sample
File size:6'144 bytes
First seen:2022-10-31 19:20:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8f154a13ba78b003cfce18886d13160c
ssdeep 48:vpgRfDNePBkg38zmi7hzpFdfdYOiuLQVYs4vs1SA/QcW0GFm3YmR0SnM:BV86mzbdfdY9usbGsI9cT4GVR0SM
Threatray 10 similar samples on MalwareBazaar
TLSH T166C160D3258008F5C54ED7B906B31B5C3B9802A6034186F7ACC99E0E5AF5BE8AC7677D
TrID 42.7% (.EXE) Win32 Executable (generic) (4505/5/1)
19.2% (.EXE) OS/2 Executable (generic) (2029/13)
19.0% (.EXE) Generic Win/DOS Executable (2002/3)
18.9% (.EXE) DOS Executable Generic (2000/1)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
263
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
invoice.exe
Verdict:
Malicious activity
Analysis date:
2022-10-31 15:29:46 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/b5312eba-b474-4851-9aea-b9221f116e70

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/326560/
Detection(s):
SecuriteInfo.com.Variant.Babar.112901.27529.32760.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/47083/overview
Behaviour
MalwareBazaar
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
babar
Link:
https://www.filescan.io/uploads/6360201fce1f43143c2a3968/reports/e6b122e2-22eb-468a-8336-73cfa4d6ce93/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/d6396220-7986-4cb5-9256-cc594302526f
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1102007
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d463ea06006b8bcb47b1af63a5aad98da58e6bd11015be488567c63f533852c7/
Threat name:
Win32.Trojan.Tnega
Create hunting rule
Status:
Malicious
First seen:
2022-10-31 13:01:59 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
21 of 26 (80.77%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2rr6ubqanof4wr5rv5r2lkwzrwsy426rcak34sefm7dd6uzykldq._file
Verdict:
malicious
Similar samples:
1e1725100ca63de1addb3e668dbbef572a683beb2bf3c1648181ec1cc3479cf5
31a23d6b013eb681edaddba32e060c000a6d3f3a101778698bafce098300167e
372b3a223a2ce51392f3114a220846a2e09eed6fad4406b1ac1520f6dab236bf
3bf6c8042b94c40a935e85e7bb1999c7c5baf415b7cc687d6b667c6380aa1a62
46625dc48986048946fe26c64a8ff5d81bb213eca3bdf676cd14bd13e541dfeb
72cc3164c2a376bef4c369767f730266d853ecb843566afe00a46a5d5286036f
90cad58e23ade1bb1e1b160dae41f79c2c9a13e8398ea32fab7bf0824b9d06e5
ec6770e9c71a5d2ad3a02abc33df808762fb1259e3657ba356a1906dee2cbee8
fb71588ec4287cc5163421466b826efc368207201324bb556d652dc5e3ab03fa
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/221031-x2m2sadahp/
Unpacked files
SH256 hash:
d463ea06006b8bcb47b1af63a5aad98da58e6bd11015be488567c63f533852c7
MD5 hash:
a629cefc7c973fdf6b6ee297ca2118b8
SHA1 hash:
f1ed8061980441185bb3b1810b63cf3f1fa16ebd
Link:
https://www.unpac.me/results/d8b94baf-340c-4131-9fd7-e1fea4d1efde/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/d463ea06006b8bcb47b1af63a5aad98da58e6bd11015be488567c63f533852c7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/326560/

Comments