MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eb492e7ed795dad887f187c81dd2ab8f8b8d9d08a8b179e9bfd442dff436eaeb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: eb492e7ed795dad887f187c81dd2ab8f8b8d9d08a8b179e9bfd442dff436eaeb
SHA3-384 hash: d70a8ec60f5cc69ce1dcd5f6b07c5c0b6b382e362c2597ad660fc64ace5a1750fa3a0ee1021fb512c18aeed17abe78ca
SHA1 hash: bde5f24489fbe411f6b0ed07526a5760494a51b8
MD5 hash: 46dc1b5f1534030eb90597c945768a19
humanhash: potato-spring-bravo-double
File name:eb492e7ed795dad887f187c81dd2ab8f8b8d9d08a8b179e9bfd442dff436eaeb
Download: download sample
File size:479'706 bytes
First seen:2020-11-07 20:16:54 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 02eaa4851334f6695809b3d0a008cf6b
ssdeep 12288:5Add3NZgMKBQXmYXmZS3PL51Pe55lx0Tsq+Y4:5Add3cMKB+mYX7de57x0Th4
Threatray 2 similar samples on MalwareBazaar
TLSH 51A4AE167780D033C57302358E56D7A8A5B9F9B14A214047F7E8EFBE7E702C29A39B46
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

PUA.Win.Packer.Aspack-29
Create hunting rule

PUA.Win.Packer.Aspack-30
Create hunting rule

PUA.Win.Trojan.Generic-6629273-0
Create hunting rule

Win.Trojan.Ipamor-2
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the Windows directory
Creating a process from a recently created file
Creating a process with a hidden window
Modifying an executable file
Deleting a recently created file
Replacing files
Sending a UDP request
Launching a process
Changing a file
Creating a window
Changing an executable file
Delayed reading of the file
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Infecting executable files
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/eb492e7ed795dad887f187c81dd2ab8f8b8d9d08a8b179e9bfd442dff436eaeb/
Threat name:
Win32.Virus.Ipamor
Create hunting rule
Status:
Malicious
First seen:
2020-11-07 20:39:21 UTC
AV detection:
28 of 29 (96.55%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
1366f4d5c0588219b4370436f78445184acc1564804f430d9e65c08d10b14340
f5cd226f5a80952c21b7f5be3ea27139f00d4e7f3f21dd2bda213fab4a66fd98
Result
Malware family:
n/a
Score:
  8/10
Tags:
aspackv2 persistence
Link:
https://tria.ge/reports/201108-g7fblhg9ax/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Adds Run key to start application
Loads dropped DLL
ASPack v2.12-2.42
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments