MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eb6b810f2cb85c0a1a028c53e4c346b3ec7601d1853758c3b8ce56eac6f96be8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: eb6b810f2cb85c0a1a028c53e4c346b3ec7601d1853758c3b8ce56eac6f96be8
SHA3-384 hash: 2649479c06a1fe2ee8eb1ce5504a2a3ea2d4215a9ecd61eb993ac838daf1fcc308a83d2ccb5498ce171e61b2ef772202
SHA1 hash: e287b59c70b350b4088dafef2e147dc848311e26
MD5 hash: 8902529d3903386516206bafcbb1e599
humanhash: social-beryllium-india-lamp
File name:IEXPLORE.exe
Download: download sample
File size:6'533'244 bytes
First seen:2021-07-13 22:14:18 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b0d2bcfaf69e32f6189b93d5e3f439ad (1 x Demonware, 1 x BlackKingdom, 1 x CobaltStrike)
ssdeep 196608:PmDvjYZfDkvd9e+q2WWmQNLBBGZlrhEbPcuQOpiUq:eDjYZ+d9vqZQxBBGuDQY7
Threatray 49 similar samples on MalwareBazaar
TLSH T12C663384F7E065D6D83B8934C861CA39F7637860970092BB43B813BB5DAB6613D3A735
Reporter r3dbU7z
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
111
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
IEXPLORE.exe
Verdict:
No threats detected
Analysis date:
2021-07-13 22:16:23 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/32ce942b-5ed5-4072-bbc0-94a20ef49428

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/171522/
Detection(s):
SecuriteInfo.com.Mal.Generic-S.16953.26871.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/5c06251d-afdb-413b-bafb-b3353202fcf8
Result
Threat name:
Unknown
Detection:
malicious
Classification:
adwa
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/815922
Signature
Antivirus / Scanner detection for submitted sample
Drops PE files to the startup folder
Multi AV Scanner detection for submitted file
Uses whoami command line tool to query computer and username
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 448333 Sample: IEXPLORE.exe Startdate: 14/07/2021 Architecture: WINDOWS Score: 64 81 Antivirus / Scanner detection for submitted sample 2->81 83 Multi AV Scanner detection for submitted file 2->83 9 IEXPLORE.exe 58 2->9         started        12 IEXPLORE.exe 58 2->12         started        process3 file4 63 C:\Users\user\...\IEXPLORE.exe.manifest, XML 9->63 dropped 65 C:\Users\user\AppData\...\unicodedata.pyd, PE32+ 9->65 dropped 67 C:\Users\user\AppData\Local\...\ucrtbase.dll, PE32+ 9->67 dropped 75 51 other files (none is malicious) 9->75 dropped 14 IEXPLORE.exe 9->14         started        69 C:\Users\user\...\IEXPLORE.exe.manifest, XML 12->69 dropped 71 C:\Users\user\AppData\...\unicodedata.pyd, PE32+ 12->71 dropped 73 C:\Users\user\AppData\Local\...\ucrtbase.dll, PE32+ 12->73 dropped 77 51 other files (none is malicious) 12->77 dropped 17 IEXPLORE.exe 12->17         started        process5 dnsIp6 79 23.146.242.222, 1000, 49723, 49727 VDI-NETWORKUS Reserved 14->79 19 cmd.exe 1 14->19         started        22 cmd.exe 2 14->22         started        25 cmd.exe 1 14->25         started        33 15 other processes 14->33 27 cmd.exe 1 17->27         started        29 cmd.exe 1 17->29         started        31 cmd.exe 1 17->31         started        35 13 other processes 17->35 process7 file8 85 Drops PE files to the startup folder 19->85 87 Uses whoami command line tool to query computer and username 19->87 37 conhost.exe 19->37         started        39 whoami.exe 1 19->39         started        59 C:\Users\user\AppData\...\IEXPLORE.exe, PE32+ 22->59 dropped 61 C:\Users\...\IEXPLORE.exe:Zone.Identifier, ASCII 22->61 dropped 41 conhost.exe 22->41         started        43 2 other processes 25->43 45 2 other processes 27->45 47 2 other processes 29->47 49 2 other processes 31->49 51 14 other processes 33->51 53 10 other processes 35->53 signatures9 process10 process11 55 conhost.exe 37->55         started        57 conhost.exe 53->57         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/eb6b810f2cb85c0a1a028c53e4c346b3ec7601d1853758c3b8ce56eac6f96be8/
Threat name:
Win64.Malware.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-07-13 22:15:08 UTC
AV detection:
3 of 46 (6.52%)
Threat level:
  2/5
Verdict:
unknown
Similar samples:
06eeeac97751699903c4751be6fce5d4d453e25830e8a02cc118f41d592308c9
260809d850f42fd71f5ddff0bf68a241a82595aa062d82fa5ca6c7bf8076ad15
2ce89d5d8b680b72063d34470ff0e9b77075e25056bd0a50899c06e193fe2452
30a65a54acfbf8d412ade728cad86c5c769befa4e456f7c0e552e1ab0862a446
470ffa493e7716c84c02bcf84c1cde3116160f3904d1166c7da3defa4fad5f94
8445c0189735766edf0e3d01b91f6f98563fef272ac5c92d3701a1174ad072dd
aa7021b2e15ae62168b9734f62bd01c59f2e93be1e7937e74a599fb63360915a
b041e6269143175c32737be0345fca5574039cc8df37f06effdd93131a3b8dd5
e68a310f4d4a1a9d76c462cf0404a702bc138296a1badd2a7728656b3757c254
fb770a3815c9ebcf1ba46b75b8f3686acc1af903de30c43bab8b86e5b46de851
+ 39 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
pyinstaller
Link:
https://tria.ge/reports/210713-57q3d62cms/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Detects Pyinstaller
Program crash
Drops startup file
Loads dropped DLL
Unpacked files
SH256 hash:
eb6b810f2cb85c0a1a028c53e4c346b3ec7601d1853758c3b8ce56eac6f96be8
MD5 hash:
8902529d3903386516206bafcbb1e599
SHA1 hash:
e287b59c70b350b4088dafef2e147dc848311e26
Link:
https://www.unpac.me/results/03ff86a6-9c72-4450-95c8-2bbe08619ac3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/eb6b810f2cb85c0a1a028c53e4c346b3ec7601d1853758c3b8ce56eac6f96be8

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:PE_File_pyinstaller
Create hunting rule
Author:Didier Stevens (https://DidierStevens.com)
Description:Detect PE file produced by pyinstaller
Reference:https://isc.sans.edu/diary/21057
Rule name:PyInstaller
Create hunting rule
Author:@bartblaze
Description:Identifies executable converted using PyInstaller.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/171522/

Comments