MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e89f2dc0b3289c0de0c8957e5fc2807c32ab7402922acf27a274b1d460e8ad92. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e89f2dc0b3289c0de0c8957e5fc2807c32ab7402922acf27a274b1d460e8ad92
SHA3-384 hash: 147b94297099fd81a72aa8a9f9bcb39d4c59cb6d6965b0e08682b63f453914610974a1ed580ddfbfd1ec73369970e277
SHA1 hash: 3e563ed299cbbf3c00395c774eef2c30229e5af0
MD5 hash: 4bec9b386a1ff69936b87eec0fc3958f
humanhash: mockingbird-ohio-salami-alpha
File name:4bec9b386a1ff69936b87eec0fc3958f
Download: download sample
File size:9'604'608 bytes
First seen:2021-11-22 16:55:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e48cc266501c282987b27f2c1f654e2d (52 x RedLineStealer, 3 x RaccoonStealer)
ssdeep 196608:daIKPsTF5Vm7RCyUdpR8MSVBi5lBvaGmb1sAcMZatS3q+LvBx7CMBHSf:dYUhqR1MYWlpaGmYM3q+LvBxumSf
Threatray 67 similar samples on MalwareBazaar
TLSH T19DA633286AA5F243CE2E97F1F29F0493F072717ECACE50999EB93513F65078A9314C94
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
112
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
4bec9b386a1ff69936b87eec0fc3958f
Verdict:
Suspicious activity
Analysis date:
2021-11-22 16:59:42 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/99df0c4b-088b-4395-999a-99e6944c3628

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Gathering data
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Searching for the window
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/619bcba6398e2553d201016c/reports/659eaecb-6e10-43df-aee6-5c944a39025f/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ff46f7d2-dae9-4e6c-8ae3-8c5f61f1c6fa
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/894040
Signature
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file has nameless sections
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Tries to shutdown other security tools via broadcasted WM_QUERYENDSESSION
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e89f2dc0b3289c0de0c8957e5fc2807c32ab7402922acf27a274b1d460e8ad92/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-11-22 16:56:32 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
19 of 45 (42.22%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
1b40867dde275738e50b3d41dc494c9839f6854324238b64b292db34ef35f454
2beac8c979465806b1c3f9e2208ef7956b201b97368dce8293bc948f78c96e96
5285ffebc00e0e75efcb1944329d1708d658eb5b4e5928d191323d933a3673e4
66626e96234ecf2d900ee0fb9d1e74922d80e4438437c7424df04e0eb25a9e53
8ec06531b8d67c49241fcf844168448b6a7c428a32d41f00d3714e19e1b18f3c
b9f3e6280987d8ad781c577d6b94c9cdb4b40947edddbb7e83fc4cd97ad2a17b
d6c6604e4081f2de1edb2ce716ddcc8186f252ca1babc641b83e77fdf14fca7b
+ 57 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/211122-vfpmdagdbn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Unpacked files
SH256 hash:
e89f2dc0b3289c0de0c8957e5fc2807c32ab7402922acf27a274b1d460e8ad92
MD5 hash:
4bec9b386a1ff69936b87eec0fc3958f
SHA1 hash:
3e563ed299cbbf3c00395c774eef2c30229e5af0
Link:
https://www.unpac.me/results/4b89d988-8dd5-465c-93b3-b86e248f7add/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.46
Link:
https://yomi.yoroi.company/submissions/e89f2dc0b3289c0de0c8957e5fc2807c32ab7402922acf27a274b1d460e8ad92

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe e89f2dc0b3289c0de0c8957e5fc2807c32ab7402922acf27a274b1d460e8ad92

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1805949/
Cape
Cape
https://www.capesandbox.com/analysis/208294/

Comments


Avatar
zbet commented on 2021-11-22 16:55:39 UTC

url : hxxp://host-file-host9.com/files/1831_1637587320_2862.exe