MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e11a90704ac0ea7eacb7d9eeda4a6db1e6fb3f21402d06429617f9af69d0a1b8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat: unknown

Vendor detections: 7



SHA256 hash: e11a90704ac0ea7eacb7d9eeda4a6db1e6fb3f21402d06429617f9af69d0a1b8
SHA3-384 hash: fe38a57fbf640acd7a901d5f9aceceb9ee709c79dc39d894fd9b3d4881e68478384ddf567e913222630f83db100bf27c
SHA1 hash: e787e5df85a1c6f821925b1150f3f829740ef9b6
MD5 hash: 2bd18b0ce7aa8dfaee0e922090aae138
humanhash: angel-hydrogen-colorado-lemon
File name: 2bd18b0ce7aa8dfaee0e922090aae138
File size: 7'168 bytes
First seen: 2021-09-14 11:48:42 UTC
Last seen: 2021-09-14 14:56:18 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: d4fccbf39f0b0e9e3b5577d3527b4e69
ssdeep: 96:2qUneX10H8fJTIbuAFo+7Ptboynun/AqyCtGdYX7E:aeX7aP1oynW/A0eG
Threatray: 70 similar samples on MalwareBazaar
TLSH: T1F6E1D70B4BA401A0F2960AF01ABB9A5D99BF1C330375E4EF727FD1495775720A8027BE
Reporter: zbetcheckin
Tags: 32 exe

Intelligence

File Origin
# of uploads: 3
# of downloads: 142
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 2bd18b0ce7aa8dfaee0e922090aae138
Verdict: Suspicious activity
Analysis date: 2021-09-14 11:49:59 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean

Maliciousness:
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware

Result
Threat name: Unknown
Detection: malicious
Classification: rans.evad
Score: 100 / 100
Signature:
  Antivirus / Scanner detection for submitted sample
  Antivirus detection for dropped file
  Drops PE files to the user root directory
  Hides that the sample has been downloaded from the Internet (zone.identifier)
  Machine Learning detection for dropped file
  Machine Learning detection for sample
  Multi AV Scanner detection for domain / URL
  Multi AV Scanner detection for dropped file
  Multi AV Scanner detection for submitted file
  Uses shutdown.exe to shutdown or reboot the system
Behaviour

Behavior Graph ID: 483084
Sample: 1jqUUC0fBX
Start date: 14/09/2021
Architecture: WINDOWS
Score: 100

Top-level signatures:
  Multi AV Scanner detection for domain / URL
  Antivirus / Scanner detection for submitted sample
  Multi AV Scanner detection for dropped file
  2 other signatures

Process tree (network connections, dropped files and signatures are listed under the process that produced them):
  1jqUUC0fBX.exe
    network: 185.215.113.84 (ports 49740, 80), WHOLESALECONNECTIONSNL, Portugal
    dropped: C:\Users\user\wincfg.exe (PE32+)
    dropped: C:\Users\user\AppData\Local\...\ec[1].exe (PE32+)
    signature: Drops PE files to the user root directory
    signature: Hides that the sample has been downloaded from the Internet (zone.identifier)
    wincfg.exe
      dropped: C:\Users\user\AppData\Local\...\Defender.exe (PE32+)
      signature: Multi AV Scanner detection for dropped file
      cmd.exe
        Defender.exe
          signature: Antivirus detection for dropped file
          signature: Multi AV Scanner detection for dropped file
          signature: Machine Learning detection for dropped file
        conhost.exe
    cmd.exe
      signature: Uses shutdown.exe to shutdown or reboot the system
      conhost.exe
      shutdown.exe
  wincfg.exe
    network: 192.168.2.1 (unknown)
    dropped: C:\Users\user\AppData\Local\...\Defender.exe (PE32+)
    cmd.exe
      Defender.exe
      conhost.exe
  wincfg.exe
    dropped: C:\Users\user\AppData\Local\...\Defender.exe (PE32+)
    cmd.exe
      Defender.exe
        signature: Antivirus detection for dropped file
        signature: Multi AV Scanner detection for dropped file
        signature: Machine Learning detection for dropped file
      conhost.exe
  wincfg.exe
    dropped: C:\Users\user\AppData\Local\...\Defender.exe (PE32+)
    cmd.exe
      Defender.exe
      conhost.exe
Threat name: Win32.Trojan.Sabsik
Status: Malicious
First seen: 2021-09-14 03:21:56 UTC
File Type: PE (Exe)
Extracted files: 1
AV detection: 19 of 28 (67.86%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: persistence upx
Behaviour:
  Modifies data under HKEY_USERS
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of SetWindowsHookEx
  Suspicious use of WriteProcessMemory
  Enumerates physical storage devices
  Adds Run key to start application
  Loads dropped DLL
  Downloads MZ/PE file
  Executes dropped EXE
  UPX packed file
Unpacked files
SHA256 hash: e11a90704ac0ea7eacb7d9eeda4a6db1e6fb3f21402d06429617f9af69d0a1b8
MD5 hash: 2bd18b0ce7aa8dfaee0e922090aae138
SHA1 hash: e787e5df85a1c6f821925b1150f3f829740ef9b6
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Executable exe e11a90704ac0ea7eacb7d9eeda4a6db1e6fb3f21402d06429617f9af69d0a1b8 (this sample)
Delivery method: Distributed via web download

Comments



zbet commented on 2021-09-14 11:48:43 UTC

url : hxxp://185.215.113.84/loadetc.exe