MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e5c44b0338c36ae76e5d99f19bef5495e736a1f628898a5606e2092272b73d07. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e5c44b0338c36ae76e5d99f19bef5495e736a1f628898a5606e2092272b73d07
SHA3-384 hash: 735991f5cf62b86dfccf11e797e3e7234b43ea6fce97836e94daacf48777693e6640cc9c9b3e5bfdf4f75992828799f7
SHA1 hash: c748119cfa0c3e67f184f049352ad19580041d7c
MD5 hash: 94fc742fce899d0c370059827b2d86ae
humanhash: carbon-video-xray-december
File name:ChromeSetup.url
Download: download sample
File size:170 bytes
First seen:2024-03-08 14:32:07 UTC
Last seen:Never
File type:
MIME type:text/plain
ssdeep 3:HRAbABGQYmiz8lXCEKEg2vL4uJ6ovUo1YSo/QJ4ovstwWD9W3phAfWMJWPaJ+GKy:HRYFVmiz0XCEfxL4/ovISoIJlvstwWDZ
TLSH T181C08016454FC51E05DB94594A65597CDD41A4C285AEDC5253D14B08BDC1460CD5C645
TrID 91.6% (.URL) Windows URL shortcut (11000/1/2)
8.3% (.INI) Generic INI configuration (1000/1)
Reporter rmceoin
Tags:url


Avatar
rmceoin
eu-pledge.eu/update/ (fake browser update)
->
eu-pledge.eu/update/ChromeSetup.url (URL)
->
file:\\91.92.250.150@80\Downloads\ChromeSetup.exe.lnk (LNK)
->
http://89.23.98.210/ChromeSetup (HTA)
->
eu-pledge.eu/update/ChromeSetup.exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
96
Origin country :
US US
Vendor Threat Intelligence
Detection(s):
TwinWave.EvilShortcut.DottedQuadDancingInHeaven.20230105.UNOFFICIAL
Create hunting rule

Verdict:
No Threat
Threat level:
  2.5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/65eb219f757c624818a68b62/reports/7ef70955-7dba-4ace-ad65-6a6c3ede1a90/overview
Result
Verdict:
MALICIOUS
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/e5c44b0338c36ae76e5d99f19bef5495e736a1f628898a5606e2092272b73d07
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e5c44b0338c36ae76e5d99f19bef5495e736a1f628898a5606e2092272b73d07/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4xcewazyynvoo3s5thyzx32usxttnipwfceyuvqg4iese4vxhudq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Methodology_Contains_Shortcut_OtherURIhandlers
Create hunting rule
Author:@itsreallynick (Nick Carr)
Description:Detects possible shortcut usage for .URL persistence
Reference:https://twitter.com/cglyer/status/1176184798248919044

File information

The table below shows additional information about this malware sample such as delivery method and external references.

e5c44b0338c36ae76e5d99f19bef5495e736a1f628898a5606e2092272b73d07

(this sample)

unknown f3e6d8f973c6c8e1ab02c684e0a40bdd77e73ec7fd360f322da01f268582c655

Executable exe 7eb0014fac4365b6b61002f165673956d5e5efaba16efafebe9575396f58c09e

Rhadamanthys

Shortcut (lnk) lnk d740d3c26404ee20b5d4b9863c9fb4d402518c2a5c752e5a6c79ff060981b3f3

  
Dropping
SHA256 d740d3c26404ee20b5d4b9863c9fb4d402518c2a5c752e5a6c79ff060981b3f3

Comments