MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e0e378ec26b4930f9705d8fb24e6d1d09a24f94b5b90b4b9a2c1541116e53f77. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA 4 File information Comments

SHA256 hash:	e0e378ec26b4930f9705d8fb24e6d1d09a24f94b5b90b4b9a2c1541116e53f77
SHA3-384 hash:	bb4b3f5c1544e7be44b66141c5a795405efd9c7b414c31a766435f988b325dee35c542b4d4c0a8ff1f0b21db4eac5bde
SHA1 hash:	f46dd1968ba5ece732c8a6cc2946a0cb023da31e
MD5 hash:	54da5c74dcdc847c7da4a5100f5a34c2
humanhash:	network-king-skylark-nitrogen
File name:	54da5c74_by_Libranalysis
Download:	download sample
File size:	95'744 bytes
First seen:	2021-05-05 09:03:41 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	5df42b4df4ef7fcda6cd9886bb63d5c8 (2 x Jadtre, 2 x Wapomi)
ssdeep	1536:FrScUmIreNPpj4qPVE2K8PQmf6+tncQuI+IsWoTcdIxzhFjcLqlcEGCq2iW7z:FmeNPpcqNVDPQU6ucPiIxzhFj0G9GCH
Threatray	1'814 similar samples on MalwareBazaar
TLSH	E0938C13B5C1D472E4B61D365870D9A19A2FF9210F75CEBB2398023A4F680D1AD36E7B
Reporter	Libranalysis

Libranalysis

Uploaded as part of the sample sharing project

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/150125/

Detection(s):

PUA.Win.Packer.Asprotect-3

Win.Trojan.Agent-7851686-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %temp% directory

Creating a process from a recently created file

Changing an executable file

Creating a window

DNS request

Modifying an executable file

Sending a UDP request

Infecting executable files

Sending an HTTP GET request to an infection source

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/52576e3f-9c5c-4905-9318-919ec05cd8de

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e0e378ec26b4930f9705d8fb24e6d1d09a24f94b5b90b4b9a2c1541116e53f77/

Threat name:

Win32.Virus.Wapomi

Status:

Malicious

First seen:

2020-05-06 19:33:00 UTC

AV detection:

30 of 31 (96.77%)

Threat level:

5/5

Verdict:

unknown

31156f82bcd06b0f206c65aad06e65ba55868d6ae7a63c1f6939b7a5c2e198f8

64ae52e978fe48c65e909c47332af1c73048dae656fe4d51189acba140b992b2

9b70a1bcc0ec0b0e21ed4958bf861ef0c4049da761ddd2845ea46c2bb617c346

aa89e89ead0c0cf1bc6c92e6f851cd2df35c30baaabe11f0d0ad0665ca8290c6

ad07cecb5752c7875f014e8ab296d1176a0147679da9bd84f5762004eaa9e581

ba7dd90bf8bd6a1dc665c8860c09489ea5531d739e55be0321bd85478b03c95f

c051ab665be7fb2a8b9125ccadc1dd4899abb27748b1209a5feee6cf62ee1290

cc3cc6a1905bcacf25dd804f51b1856cea7f69f751d8981a1fe34d1b77a8a494

ed84620f1fb9e2966299bdcd66403a6ff9a3ed063cc83fc084d1d7942db66be7

+ 1'804 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

aspackv2

Link:

https://tria.ge/reports/210505-wywc6anjxe/

Behaviour

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Drops file in Program Files directory

Loads dropped DLL

ASPack v2.12-2.42

Executes dropped EXE

Unpacked files

SH256 hash:

1e7d06e4d8a520cbb8c641753ebccebb3c53a65dbffe7b506fccaa6f15506d87

MD5 hash:

bc11673ba0355c50df876e613ac1424b

SHA1 hash:

cec40b73d4f1cffca5663b6176309f3d5cf9b74b

Detections:

win_unidentified_045_g0

win_unidentified_045_auto

Link:

https://www.unpac.me/results/f3e9d36f-27f8-4b4a-a960-52745952f317/

SH256 hash:

e0e378ec26b4930f9705d8fb24e6d1d09a24f94b5b90b4b9a2c1541116e53f77

MD5 hash:

54da5c74dcdc847c7da4a5100f5a34c2

SHA1 hash:

f46dd1968ba5ece732c8a6cc2946a0cb023da31e

Link:

https://www.unpac.me/results/f3e9d36f-27f8-4b4a-a960-52745952f317/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Darkshell

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e0e378ec26b4930f9705d8fb24e6d1d09a24f94b5b90b4b9a2c1541116e53f77

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	INDICATOR_EXE_Packed_ASPack Create hunting rule
Author:	ditekSHen
Description:	Detects executables packed with ASPack

Rule name:	suspicious_packer_section Create hunting rule
Author:	@j0sm1
Description:	The packer/protector section names/keywords
Reference:	http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

Rule name:	win_unidentified_045_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	autogenerated rule brought to you by yara-signator

Rule name:	win_unidentified_045_g0 Create hunting rule
Author:	Daniel Plohmann <daniel.plohmann<at>fkie.fraunhofer.de>
Description:	Unknown 045

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/150125/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample