MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e463d24b09ee120b0d0b6230d24f4337a73e312a4ac7fb9a3b434ec0a805db00. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e463d24b09ee120b0d0b6230d24f4337a73e312a4ac7fb9a3b434ec0a805db00
SHA3-384 hash: c9291c9141d733ab5ca6106c76e3d9a4838be7f195b503f00bac1018ef5664876c17b354548641c46bdb6e95ff9406dd
SHA1 hash: e36c08d2ba8a643f5918e2735a0222b46bcdee73
MD5 hash: d2d8dda2a7c25c0c8cdbc09e2387c885
humanhash: timing-rugby-jupiter-magnesium
File name:e463d24b09ee120b0d0b6230d24f4337a73e312a4ac7fb9a3b434ec0a805db00
Download: download sample
File size:3'597'423 bytes
First seen:2020-09-08 12:17:43 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9bff8da1d90c0229d0d07bc65980358e (1 x CobaltStrike)
ssdeep 98304:ZR9jK6tmDv4phqvBfmhwnJB6Fi4CnotnbtFWbFg:Vjxhqv1bn3GvVB/
TLSH 3BF5336AFA608DCEC4311A3859F2C03E1537107A67D1DEE897CD93E026FA7397219D1A
Reporter JAMESWT_WT
Tags:47.240.45.183

Intelligence

File Origin
# of uploads :
1
# of downloads :
96
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/57886/
Detection(s):
SecuriteInfo.com.BackDoor.Meterpreter.96.17276.4183.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Connection attempt
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e463d24b09ee120b0d0b6230d24f4337a73e312a4ac7fb9a3b434ec0a805db00/
Threat name:
Win64.Trojan.Shelma
Create hunting rule
Status:
Malicious
First seen:
2020-04-07 23:14:21 UTC
File Type:
PE+ (Exe)
Extracted files:
213
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/200908-s7hgkv6qpa/
Behaviour
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e463d24b09ee120b0d0b6230d24f4337a73e312a4ac7fb9a3b434ec0a805db00

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:suspicious_packer_section
Create hunting rule
Author:@j0sm1
Description:The packer/protector section names/keywords
Reference:http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://twitter.com/malwrhunterteam/status/1303301068730834945?s=20
Cape
Cape
https://www.capesandbox.com/analysis/57886/

Comments