MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d8cbd0df239989e75ff0a2465fe43c81ee244c50df2cf98b5af22e0e294f2b02. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 2 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d8cbd0df239989e75ff0a2465fe43c81ee244c50df2cf98b5af22e0e294f2b02
SHA3-384 hash: 81ceb3f9765c78161bd25e26336fc6107206076ac67835d8b66cc5d360f065307308adf052aa3387129ee19e8c07c60b
SHA1 hash: 00b76741af73f678a302e576c78ffb96fb12dae4
MD5 hash: e68bf5296dd087d65d31ed88daa96159
humanhash: six-fourteen-grey-sink
File name:e68bf5296dd087d65d31ed88daa96159
Download: download sample
File size:18'944 bytes
First seen:2022-02-18 06:51:34 UTC
Last seen:2022-02-18 09:03:09 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 384:p6M8+XnGQMYsyusu7DU72TvTXIrTbnVAN00wyTRFToo8O5oSgYf5OWrzO:K+3GDy+DUg8be5Doo8TCf
Threatray 21 similar samples on MalwareBazaar
TLSH T1278209197BE89236FDBF0F7258B171518275F2532527DA1D28C5429D5A32B80C721BFC
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
211
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/242444/
Detection(s):
SecuriteInfo.com.Variant.MSILHeracles.34622.23959.350.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Creating a window
Using the Windows Management Instrumentation requests
Sending a custom TCP request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-vm cmd.exe dllhost.exe obfuscated packed
Link:
https://www.filescan.io/uploads/620f4214875593a3cce33aa0/reports/136e389e-eb6d-41d9-aa71-33eecb054987/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Gathering data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/942042
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d8cbd0df239989e75ff0a2465fe43c81ee244c50df2cf98b5af22e0e294f2b02/
Threat name:
ByteCode-MSIL.Trojan.Heracles
Create hunting rule
Status:
Malicious
First seen:
2022-02-18 06:52:07 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
23 of 28 (82.14%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
24fe35fea083b89f0cc62ef8b9df0de29395be57b0ee1b160229d667785b6bf0
77fcb4636a483ee37fdb9b76a082b64a1338c8d4c45a8a77e91791e475e6d9fa
93976cb0c0ed15a2e61a2bb20e6d5394c64e756d7c5f56bdc5e6ed8221210c55
9bd02c78d6dc379e0906312cbf3feee3df113f1837cd41d4e13b0d07e96c5233
c57ec94c7fed128887694b07d817af02c2d19aac98d8d1fbd4004a8accee4ee5
c5ef496efd17944ebe2fb644d744ab1c466fbd5264f4cfc2e458a3cacc39273a
d7e79c2a5bc37f841e507770e28242740f3b2e076e45a4b5246ae0d1885692b8
f1a11f00ce1ff509fa6039cc1ecc147f6f4e83d15d9c27f6a2a97da78c0512ba
+ 11 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  4/10
Tags:
n/a
Link:
https://tria.ge/reports/220218-hm325acgaq/
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Drops file in Windows directory
Unpacked files
SH256 hash:
d8cbd0df239989e75ff0a2465fe43c81ee244c50df2cf98b5af22e0e294f2b02
MD5 hash:
e68bf5296dd087d65d31ed88daa96159
SHA1 hash:
00b76741af73f678a302e576c78ffb96fb12dae4
Link:
https://www.unpac.me/results/239badec-ad2a-4e30-9a52-4628d7cb67f8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/d8cbd0df239989e75ff0a2465fe43c81ee244c50df2cf98b5af22e0e294f2b02

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe d8cbd0df239989e75ff0a2465fe43c81ee244c50df2cf98b5af22e0e294f2b02

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2019185/
Cape
Cape
https://www.capesandbox.com/analysis/242444/

Comments


Avatar
zbet commented on 2022-02-18 06:51:38 UTC

url : hxxp://62.197.136.229/build.exe