MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e8c00468964966dfdbae2de1d15a8a24b5ba4dbe7dddd482888568f4430d4db1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 1


Intelligence 1 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e8c00468964966dfdbae2de1d15a8a24b5ba4dbe7dddd482888568f4430d4db1
SHA3-384 hash: 27fa81341203e5a95bd6e038f708fb45780eb30d987e4477c9426335ca46fed22cc8498e85f73fe2df219150155ae001
SHA1 hash: 881882a77fdeea242efa4ccdefc164cd4808093f
MD5 hash: 95d8ff5f140d41f1330879fc4b659bd2
humanhash: carpet-nineteen-artist-cat
File name:Gjybdn.bin
Download: download sample
File size:5'340'284 bytes
First seen:2020-06-24 08:37:34 UTC
Last seen:2020-06-24 09:47:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 7aa1951517b3b8d38b12f874b66196c9 (2 x CobaltStrike, 1 x LaZagne)
ssdeep 98304:qU9mrHQktlw2Kce26t+JhVWn2xxjsAIzs7otrgkD3ysRNNENj:q93tlKXqXWnA3IzPrNzXN
Threatray 67 similar samples on MalwareBazaar
TLSH 6F36336CDCE04DBCE07D4633891D899D926E7C0107618ACFDE7772A1AF37691AD2B221
Reporter JAMESWT_WT

Intelligence

File Origin
# of uploads :
2
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/13622/
Detection(s):
SecuriteInfo.com.PE_File_pyinstaller.5694.21847.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Running batch commands
Sending a custom TCP request
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e8c00468964966dfdbae2de1d15a8a24b5ba4dbe7dddd482888568f4430d4db1/
Verdict:
suspicious
Similar samples:
00383e0cef95de02bac4a4725234f5430202e33f1d80b1dd299d682590e6d2f9
290452bb8eb4dfcc3cfb1590c8fb1b44427a3c9f0439ad5855e35bc39537a3a3
3dcdb90a6140612a5ca5e3a3e7efbc82c43766355399965a200a5753fd1273ad
485fcf4c2834e20d71b6765eccd79f6b0880d6a9fdc5d3e519a943862e9b8246
50b73c4132c9240c404a85b5d2843436fe8d5022a7104b5faeab827f558c52e4
5a2e947aace9e081ecd2cfa7bc2e485528238555c7eeb6bcca560576d4750a50
5f7edbfee38f8e9a93df459405b952189d48b4a7f2ddc7a81d25bdfd59b31c80
8255cac50835b7957f99c316b18db603429583e2c9f2fe605e5a4a9f19c6e9cb
9cc659b2ca813ac76fd302254522e11352627942aa96a256da9f82ea269e6d94
ea1213c0a684662e8305cfe1c6eeebbb12a9d1404e7571438d3730cc1df1caab
+ 57 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/200624-dhy1agh3me/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:PE_File_pyinstaller
Create hunting rule
Author:Didier Stevens (https://DidierStevens.com)
Description:Detect PE file produced by pyinstaller
Reference:https://isc.sans.edu/diary/21057

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/13622/

Comments