MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e0a2b0192c0000f747916f12c205bcbab4ba0f358d6aed8f03c6f8662a76442b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e0a2b0192c0000f747916f12c205bcbab4ba0f358d6aed8f03c6f8662a76442b
SHA3-384 hash: 7d531087441778ac8c0bdc3e53d794cbe74e4064c7c81d443f2e1014757aabf82578ad1218b5982a10bd46ffb671215c
SHA1 hash: 1f685ac23cfbe5022fde7a4969fe589d8ed1835a
MD5 hash: 0b30f73b686a32ee8091b29e8617db7e
humanhash: december-jig-pluto-item
File name:0b30f73b686a32ee8091b29e8617db7e
Download: download sample
File size:3'558'706 bytes
First seen:2021-11-04 13:51:47 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4cfda23baf1e2e983ddfeca47a5c755a (33 x RedLineStealer, 6 x Dridex, 5 x NetSupport)
ssdeep 98304:JFFhkELlJg32TvMSPRd3fk6ggQI2x4YobnFWQWRY/Zmy:5O6USPbgV2bFW5Rny
TLSH T10BF533F06AF1B8B2E1123073B9B4A53C7BD57C2DC874A86AE782E95C34316D2A155F07
File icon (PE):PE icon
dhash icon 00414f4f4f4f4700 (14 x CoinMiner, 12 x RedLineStealer, 12 x NodeLoader)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
99
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
0b30f73b686a32ee8091b29e8617db7e
Verdict:
Malicious activity
Analysis date:
2021-11-04 13:56:35 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/842b7330-94fb-423f-98b2-df107e5eb19a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/202345/
Detection(s):
SecuriteInfo.com.Trojan.MulDrop7.53194.14125.546.UNOFFICIAL
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
greyware overlay packed
Link:
https://www.filescan.io/uploads/6183e5868eec3805367dd312/reports/b21ff636-cad6-4279-8096-72a25cdfc55b/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ea71a473-3a4a-4d2f-89a6-063e5122b898
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/883250
Signature
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e0a2b0192c0000f747916f12c205bcbab4ba0f358d6aed8f03c6f8662a76442b/
Threat name:
ByteCode-MSIL.Trojan.Gorgon
Create hunting rule
Status:
Malicious
First seen:
2021-11-04 00:51:12 UTC
AV detection:
16 of 45 (35.56%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/211104-q6egwaggb5/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
e0a2b0192c0000f747916f12c205bcbab4ba0f358d6aed8f03c6f8662a76442b
MD5 hash:
0b30f73b686a32ee8091b29e8617db7e
SHA1 hash:
1f685ac23cfbe5022fde7a4969fe589d8ed1835a
Link:
https://www.unpac.me/results/b1e67bd9-4e98-4d4c-b256-cbd52377c202/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e0a2b0192c0000f747916f12c205bcbab4ba0f358d6aed8f03c6f8662a76442b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe e0a2b0192c0000f747916f12c205bcbab4ba0f358d6aed8f03c6f8662a76442b

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1751537/
Cape
Cape
https://www.capesandbox.com/analysis/202345/

Comments


Avatar
zbet commented on 2021-11-04 13:51:50 UTC

url : hxxp://5.181.132.165/myblog/posts/191.exe