MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eb9a70ac0d1f7c413f10f5308bda81e1da5a9b5bfd2ab7c8d89232eada71c143. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	eb9a70ac0d1f7c413f10f5308bda81e1da5a9b5bfd2ab7c8d89232eada71c143
SHA3-384 hash:	cf9af9ae4759b13821f441428c40a5fb9040ab3b9fe47348119d5710d86750e5c114a895552d3ae3a3a2bb3db3991492
SHA1 hash:	478bb364184d882005d0503c91a9929d81e89765
MD5 hash:	80adc9e5666a4b94fe1637f92d0611b0
humanhash:	mango-tennessee-uranus-robin
File name:	eb9a70ac0d1f7c413f10f5308bda81e1da5a9b5bfd2ab7c8d89232eada71c143
Download:	download sample
File size:	212'965 bytes
First seen:	2020-03-23 18:52:45 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	4e0ce9183eb6ad1303d375892689ba90
ssdeep	6144:NVm+J4EB7LR8wT3A2iV/1gsSU3qDgpCZyD8hZI:HmC4Ed2wEt1gw3qhZyQQ
Threatray	37 similar samples on MalwareBazaar
TLSH	A8241299B38B16DBD1D629F3CB0EED4B3F48950E277D4A8FA04C5C4B689720443B6E60
Reporter	Marco_Ramilli
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Upx-48

PUA.Win.Packer.Upolyx-12

PUA.Win.Packer.Upx-4

Gathering data

Threat name:

Win32.Trojan.Mucc

Status:

Malicious

First seen:

2019-03-09 19:00:45 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

26 of 30 (86.67%)

Threat level:

2/5

Verdict:

malicious

24d6774c1e91ab5d03b2bc857f8f35534acbc8f4ed8aaf802372588638100cb4

5e7621b7f875f9e6c730454d916a2bc2acb7d8b1fbc1dbe7cdb1917d42f1590b

6960d585698d0353194d53afa7c6db5a68386fa8855cefefe9a2f4ce1292b5da

82732e47492148243ee3fb338c93d43b9a9984f39e3409327600cffc5766af1b

86d5516b71ddd68cf50273d5fa8a501c399be218b35dcfc09c29ef97f3afc111

87881f84676ff10ab3f51519748d1799468def9f10dab79588b1d655d0eddb71

c015de0626ba91b194a47d0c8d76594e1bddadae9d9a6891b26ff7c2bc0fade3

e3afb8be8f04e148a4214c375eff4817f2afcfcaff0f6a0bf2f5e324d9649b1b

e97c8416fc63162b69167c2b4f51f82ae6aacc8e4276b76ca5b775ba2ec437ea

+ 27 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe eb9a70ac0d1f7c413f10f5308bda81e1da5a9b5bfd2ab7c8d89232eada71c143

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/155393/

URLhaus

https://urlhaus.abuse.ch/url/99796/

URLhaus

https://urlhaus.abuse.ch/url/263107/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
WIN_BASE_API	Uses Win Base API	KERNEL32.DLL::LoadLibraryA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample