MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 de3c4f44750bd326f95f0ac58e2e6e7c55a0e1ccdac632ea7b8c9e94847f4013. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	de3c4f44750bd326f95f0ac58e2e6e7c55a0e1ccdac632ea7b8c9e94847f4013
SHA3-384 hash:	ec849556fe2cd46a3884f5a3c7c7c395b58239ae1989e3f7c3d136db8e89140e06d924fb434eef0b1bac9af443a10af3
SHA1 hash:	3fd38c071c8f9669e8f86554832dba87f28e28a6
MD5 hash:	93c09f4bf1e64086034984b0cddecc9a
humanhash:	illinois-tennessee-burger-golf
File name:	Delivery_Update.jar.msi
Download:	download sample
File size:	1'169'380 bytes
First seen:	2022-01-06 21:18:01 UTC
Last seen:	Never
File type:	msi
MIME type:	application/x-msi
ssdeep	24576:Blgq+3Nn7BjlpOu3LBCvAq23Nn7BjlpOu3dASNn:BlgJ3Nn7BxwubBCvAF3Nn7BxwutAs
Threatray	12 similar samples on MalwareBazaar
TLSH	T1A7457B2136C79B32D493127155AEA3610A3EEC704B718287729C7B9E2FB27C0673579B
Reporter	Anonymous
Tags:	msi

Intelligence

File Origin

# of uploads :

1

# of downloads :

190

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Strrat

Link:

https://www.capesandbox.com/analysis/217612/

Verdict:

No Threat

Threat level:

2/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/61d75c941c0d769df9d3e70d/reports/0b006213-6a76-4e4d-bed8-13e7448748ca/overview

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/de3c4f44750bd326f95f0ac58e2e6e7c55a0e1ccdac632ea7b8c9e94847f4013

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

clean

Classification:

n/a

Score:

6 / 100

Link:

https://www.joesandbox.com/analysis/916534

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/de3c4f44750bd326f95f0ac58e2e6e7c55a0e1ccdac632ea7b8c9e94847f4013/

Threat name:

ByteCode-JAVA.Trojan.AdWind

Status:

Malicious

First seen:

2022-01-06 21:18:19 UTC

File Type:

Binary (Archive)

Extracted files:

170

AV detection:

13 of 43 (30.23%)

Threat level:

5/5

Verdict:

unknown

Similar samples:

03766f638bf979a74b47a65f3398efdf943f2b84c3a344ee5f22dbb9e67b0bee

0b3ec79751b73aa58e7c71e691d970b00f48f6439f3d0067d269fc2ddef16881

68140fdf1563b5854fe87fc752ea80acdc5489d76a0df95ac8659c8bbc4b3cf5

7dbbb75970df18a597d9412b79c0982611579eb7fc72d99849be432d8b39e7f4

88cf17e48cf72f38ea94c047cf5c6dbfad02f75e9416155aa47794f34166b091

ab57668bf754c5e449aed5e4f3fc1a4c62f823e30d84d4e53f57834bdba5cee0

aecbd5684b044980ef4d172bee9e7dedaf1f387af35129342ed3e205a8b1a70b

b45b0613f994769e460de419e2aac46863e303e833d43369f2647bac3a8260e6

b6079b972c7bfe1b631b7e4776ce306b3cd818e479ca5cf1b53ca4345b4fd854

d4a62858eadebabc11434a4a7939a9d482e3737dbdc892f0702ec37070ede3d8

+ 2 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

9/10

Tags:

n/a

Link:

https://tria.ge/reports/220106-z5mljacaen/

Behaviour

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates connected drives

Loads dropped DLL

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/de3c4f44750bd326f95f0ac58e2e6e7c55a0e1ccdac632ea7b8c9e94847f4013

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Distributed via e-mail link

Cape

Cape

https://www.capesandbox.com/analysis/217612/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample