MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e5b7d451f9c435d27dcfb429ae95ca97a1ba8688ba373a47a2f910efd38dcaa2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e5b7d451f9c435d27dcfb429ae95ca97a1ba8688ba373a47a2f910efd38dcaa2
SHA3-384 hash: b31b45623ae6c2536a82d599654c1826011df76dd5fa74b40526018debb966427abf13891f24ead5681392c14d2885dc
SHA1 hash: 6d4452f46a1402b7399e8ea398a0b7ec25f554ea
MD5 hash: a2803b77a3beda31fa8af1382e5dfde5
humanhash: august-floor-uncle-montana
File name:e5b7d451f9c435d27dcfb429ae95ca97a1ba8688ba373a47a2f910efd38dcaa2
Download: download sample
File size:983'040 bytes
First seen:2021-02-26 22:00:13 UTC
Last seen:2021-02-26 23:55:34 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 161c85364c462057ba28801ac1ad5404 (1 x Vjw0rm, 1 x RemoteManipulator)
ssdeep 24576:7fTkD0E003ubc2MRgCmP/ZwIDzq+Iha5a0H+bX:7G00SSgCmP/ZwYj48a0eb
Threatray 7 similar samples on MalwareBazaar
TLSH 8C256C6923EC43D8DA76E072EA12C707DEB3788A0674BB1F0DE04A766F13671161E752
Reporter c3rb3ru5d3d53c2


Avatar
c3rb3ru5d3d53c
IRANIAN FILELESS ATTACK INFILTRATES ISRAELI ORGANIZATIONS

Intelligence

File Origin
# of uploads :
2
# of downloads :
113
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
e5b7d451f9c435d27dcfb429ae95ca97a1ba8688ba373a47a2f910efd38dcaa2
Verdict:
No threats detected
Analysis date:
2021-02-26 22:02:23 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/47866ee3-b806-465b-ba4b-5dcacffac124

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/119540/
Detection(s):
SecuriteInfo.com.Mal.Generic-S.4374.15717.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
DNS request
Sending an HTTP GET request
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/620231
Signature
Binary is likely a compiled AutoIt script file
Multi AV Scanner detection for submitted file
Uses Windows timers to delay execution
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e5b7d451f9c435d27dcfb429ae95ca97a1ba8688ba373a47a2f910efd38dcaa2/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2017-07-05 00:38:00 UTC
AV detection:
7 of 28 (25.00%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
07cf6baf41520d0e97f2010bf76c2ed10509fbf599209ae4bc250eb375515114
523a9d789a271e3b1f9eda837734999dddb4b8c80c772eda1fd55c2bef35c91e
68c944c28e2b06a534175149916e7daaf9a8cb12b09178e89556bcc8337d682f
a983859af1159996ed7ba7d66e0ba5d23b23e00a6e3add422421a016451b72e7
c7f6ad7d3e040d26e8103885756e2f720a97a16f12ef44bf6707676d26680586
e1d51f402e88ba4bdb8ae2906a6158ef753c50a7eeae7d8bb5d832a8c7492027
e89843256ff5ba727b9195361447d30e88fbfb660e97aaad5cb0196fd2f0991a
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210226-g8fgz8c8be/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
e5b7d451f9c435d27dcfb429ae95ca97a1ba8688ba373a47a2f910efd38dcaa2
MD5 hash:
a2803b77a3beda31fa8af1382e5dfde5
SHA1 hash:
6d4452f46a1402b7399e8ea398a0b7ec25f554ea
Link:
https://www.unpac.me/results/026f08cc-ab93-487a-9f8e-8b5c261ab5e8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e5b7d451f9c435d27dcfb429ae95ca97a1ba8688ba373a47a2f910efd38dcaa2

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:AutoIT_Compiled
Create hunting rule
Author:@bartblaze
Description:Identifies compiled AutoIT script (as EXE).

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://blog.morphisec.com/iranian-fileless-cyberattack-on-israel-word-vulnerability
  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/119540/

Comments