MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e35b7bb2535c7c6000180e8cfafdc6d2e20c12c3fc3895a85ca2c55a6c1401f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e35b7bb2535c7c6000180e8cfafdc6d2e20c12c3fc3895a85ca2c55a6c1401f9
SHA3-384 hash: 91377a95b79c61044c899c4560dc02ee0c55390f8c00c65635a49cf7750966aa6056f36e91c4b8977953d863569ebd8e
SHA1 hash: 2a140de2367b7f11ad6ca3bf7045e6afbc0daed3
MD5 hash: 99252dcf20b8ffac717e4bab6bcbe38f
humanhash: illinois-michigan-single-triple
File name:99252dcf20b8ffac717e4bab6bcbe38f.exe
Download: download sample
File size:118'313 bytes
First seen:2024-10-18 11:42:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash be41bf7b8cc010b614bd36bbca606973 (195 x LummaStealer, 126 x DanaBot, 63 x Vidar)
ssdeep 1536:SErPZ3IBZcbTfu1HlrJFCPcbPnsblLzGpHU6CfKRF:hPC23aJFC0bPnshLzGPCfK3
TLSH T1EAC31A119AB484AAF0648BB99726D7710D7A9C1305F1ED5F135CBC9E3CEF6808C1EA26
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10522/11/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
359
Origin country :
NL NL
Vendor Threat Intelligence
Verdict:
Malicious
Score:
70%
Link:
https://cyber-fortress.com/docs/result/index.php?id=671249c834f884d15c8cac6a
Tags:
Injection Exploit
Verdict:
Malicious
Labled as:
Backdoor.Agent
Link:
https://www.hybrid-analysis.com/sample/e35b7bb2535c7c6000180e8cfafdc6d2e20c12c3fc3895a85ca2c55a6c1401f9
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/284199f7-57ee-4472-95db-5471df0949df
Result
Threat name:
n/a
Detection:
unknown
Classification:
n/a
Score:
4 / 100
Link:
https://www.joesandbox.com/analysis/1537010
Behaviour
Behavior Graph:
Download SVG
Score:
12%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/e35b7bb2535c7c6000180e8cfafdc6d2e20c12c3fc3895a85ca2c55a6c1401f9
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e35b7bb2535c7c6000180e8cfafdc6d2e20c12c3fc3895a85ca2c55a6c1401f9/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4nnxxmstlr6gaaayb2gpv7og2lrayewd7q4jlkc4ulcvu3auah4q._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/241018-nvkteaxfjk/
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/ff3176a8-b46a-4756-8725-abc0ab22ef78
Unpacked files
SH256 hash:
e35b7bb2535c7c6000180e8cfafdc6d2e20c12c3fc3895a85ca2c55a6c1401f9
MD5 hash:
99252dcf20b8ffac717e4bab6bcbe38f
SHA1 hash:
2a140de2367b7f11ad6ca3bf7045e6afbc0daed3
Link:
https://www.unpac.me/results/5b37a6e2-6fa7-465b-a0f0-562a956abef6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e35b7bb2535c7c6000180e8cfafdc6d2e20c12c3fc3895a85ca2c55a6c1401f9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe e35b7bb2535c7c6000180e8cfafdc6d2e20c12c3fc3895a85ca2c55a6c1401f9

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3200036/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
Reviews
IDCapabilitiesEvidence
COM_BASE_APICan Download & Execute componentsole32.dll::CoCreateInstance
SHELL_APIManipulates System ShellSHELL32.dll::ShellExecuteW
SHELL32.dll::SHFileOperationW
SHELL32.dll::SHGetFileInfoW
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CreateProcessW
KERNEL32.dll::OpenProcess
KERNEL32.dll::CloseHandle
KERNEL32.dll::CreateThread
WIN_BASE_APIUses Win Base APIKERNEL32.dll::LoadLibraryW
KERNEL32.dll::LoadLibraryA
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::GetDiskFreeSpaceW
KERNEL32.dll::GetCommandLineW
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CopyFileW
KERNEL32.dll::CreateDirectoryW
KERNEL32.dll::CreateFileW
KERNEL32.dll::DeleteFileW
KERNEL32.dll::MoveFileW
KERNEL32.dll::GetWindowsDirectoryW
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegCreateKeyExW
ADVAPI32.dll::RegDeleteKeyW
ADVAPI32.dll::RegOpenKeyExW
ADVAPI32.dll::RegQueryValueExW
ADVAPI32.dll::RegSetValueExW
WIN_USER_APIPerforms GUI ActionsUSER32.dll::AppendMenuW
USER32.dll::EmptyClipboard
USER32.dll::FindWindowExW
USER32.dll::OpenClipboard
USER32.dll::PeekMessageW
USER32.dll::CreateWindowExW

Comments