MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e96e3b77c603f413be1eb00e0ebba9223a104ac053606f3409a92eaead6f2fd3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e96e3b77c603f413be1eb00e0ebba9223a104ac053606f3409a92eaead6f2fd3
SHA3-384 hash: 56633fd34f5cb9537345853e71c3f1903f92f36690b3368db344ffb8a938c7aec7edda96d7894623f47fb7b84466d457
SHA1 hash: c38325cd3d9aa74fc5a864a92e096000a260d453
MD5 hash: 5d4dbecae540acddc6ec252b4cf5c980
humanhash: utah-cardinal-six-california
File name:e96e3b77c603f413be1eb00e0ebba9223a104ac053606f3409a92eaead6f2fd3
Download: download sample
File size:1'171'544 bytes
First seen:2021-09-09 09:58:15 UTC
Last seen:2021-09-09 11:24:44 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ddf7967f271d2def449d78bf72166fcb (1 x Metasploit, 1 x XWorm)
ssdeep 24576:l13gJnNiQQSA7Ph8NKvKUWqPU5EDvLJPjraFLR5ROW8U:lWjrHKvKUTPjrkp7z
Threatray 6 similar samples on MalwareBazaar
TLSH T15845D113BAD184B2F1430532453AA77BBE36B2006935CE87D3D45D785A632A1EA3F39D
dhash icon d292b0b2da36bcbe (11 x AsyncRAT, 7 x Metasploit, 6 x CoinMiner)
Reporter JAMESWT_WT
Tags:exe SIA MWorx signed

Code Signing Certificate

Organisation:SIA "MWorx"
Issuer:Sectigo Public Code Signing CA EV R36
Algorithm:sha384WithRSAEncryption
Valid from:2021-07-07T00:00:00Z
Valid to:2022-07-07T23:59:59Z
Serial number: 7ebcb54b7e0e6410b28610de0743d4dd
Intelligence: 4 malware samples on MalwareBazaar are signed with this code signing certificate
MalwareBazaar Blocklist:This certificate is on the MalwareBazaar code signing certificate blocklist (CSCB)
Thumbprint Algorithm:SHA256
Thumbprint: 63aa71d0e459d85f42d2defea2a4d96ba93959665f266d339193977b7dde1e25
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
113
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
e96e3b77c603f413be1eb00e0ebba9223a104ac053606f3409a92eaead6f2fd3
Verdict:
No threats detected
Analysis date:
2021-09-09 10:01:20 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/3c7681cd-4fd0-46d0-b68c-196b83598fd6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/186563/
Detection(s):
SecuriteInfo.com.Trojan.Gozi.825.8915.29653.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Reading critical registry keys
Sending a UDP request
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/dc406e1b-73ba-411d-a181-84d7e304423e
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/847987
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e96e3b77c603f413be1eb00e0ebba9223a104ac053606f3409a92eaead6f2fd3/
Threat name:
Win32.Trojan.GenCBL
Create hunting rule
Status:
Malicious
First seen:
2021-09-08 03:10:21 UTC
File Type:
PE (Exe)
Extracted files:
550
AV detection:
7 of 28 (25.00%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
6b08c2df61f78ec6d59f2ea334fed35202e1c1e8a796f9709544bda5d30bc87f
76f7bf0fdd9b10a084a69aa6dd475426c1d335f7e0d26544af7cbed40e86a762
8e1d0291e0708d70f16cfe550b8c0e9b8d4e11b71a1d3fdd07e44f7505b12ef0
c981d0b67e470060326e1daa78c090e5b76ed28f9a41f5fa8a4216c420b8dfb0
d6b1fd6f2a40416bebd7f6a2c5fef23e1fd677b7e2487ffa61cf626d3eb57841
e296665db7b0416f92848115e3b608a59a5e493413134a718c1f573494157f34
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210909-lz5m9sbbbl/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Unpacked files
SH256 hash:
e96e3b77c603f413be1eb00e0ebba9223a104ac053606f3409a92eaead6f2fd3
MD5 hash:
5d4dbecae540acddc6ec252b4cf5c980
SHA1 hash:
c38325cd3d9aa74fc5a864a92e096000a260d453
Link:
https://www.unpac.me/results/b3ce2876-cc5f-456a-be8e-b21d6d79b2e9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/e96e3b77c603f413be1eb00e0ebba9223a104ac053606f3409a92eaead6f2fd3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/186563/

Comments