MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ec3776e05a46faa8ebc57582b26f1405d67ef4e7100241bc26c2d65ec1ecfcc5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mansabo

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	ec3776e05a46faa8ebc57582b26f1405d67ef4e7100241bc26c2d65ec1ecfcc5
SHA3-384 hash:	d0d48bb0307b3de8809ef1874d1f832bc30676522d21979d178bf55010e046246c1f3b9f38976020c95dfd51719ffb2a
SHA1 hash:	b074dd2e4acf9375f9faf3c3fbf69ff6f026817d
MD5 hash:	9373521a2eeff28bdefb0155f196bcb0
humanhash:	alaska-beryllium-glucose-leopard
File name:	virussign.com_9373521a2eeff28bdefb0155f196bcb0
Download:	download sample
Signature	Mansabo Create hunting rule
File size:	1'194'909 bytes
First seen:	2022-07-15 17:01:42 UTC
Last seen:	2024-07-24 22:41:27 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	58471b8a9f8702d1a9e4838d7b7d501a (9 x TrickBot, 5 x Mansabo)
ssdeep	24576:zQ5aILMCfmARMeXHZalNvyOkQyYiIXHCrNhdkS6d:E5aIwC+Aj4k45M6d
TLSH	T10245D129EB547A75F253097576102A9F3C418D7C01A3DF4AAB8689CDB402DA3F2F532B
TrID	32.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 28.9% (.EXE) Win32 Executable (generic) (4505/5/1) 13.0% (.EXE) OS/2 Executable (generic) (2029/13) 12.8% (.EXE) Generic Win/DOS Executable (2002/3) 12.8% (.EXE) DOS Executable Generic (2000/1)
Reporter	KdssSupport
Tags:	exe

KdssSupport

Uploaded with API

Intelligence

File Origin

# of uploads :

# of downloads :

126

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

virussign.com_9373521a2eeff28bdefb0155f196bcb0

Verdict:

Suspicious activity

Analysis date:

2022-07-16 02:09:57 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/0efdb704-3792-4622-8920-438133b0377a

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/290351/

Detection(s):

Win.Malware.Mansabo-7102049-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Creating a window

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

overlay

Link:

https://www.filescan.io/uploads/62d19e2201fde6ede683d8c9/reports/5ee09861-c007-4e7e-b3b5-bc1bc3a3a70c/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1034023

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ec3776e05a46faa8ebc57582b26f1405d67ef4e7100241bc26c2d65ec1ecfcc5/

Threat name:

Win32.Trojan.Mansabo

Status:

Malicious

First seen:

2022-07-09 02:07:52 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

23 of 25 (92.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=5q3xnyc2i35kr26fowble3yuaxlh55hhcabedpbgyllf5qpm7tcq._file

Verdict:

malicious

Label(s):

trickbot

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/220715-vj4wgacgb8/

Behaviour

Suspicious use of SetWindowsHookEx

Unpacked files

SH256 hash:

ec3776e05a46faa8ebc57582b26f1405d67ef4e7100241bc26c2d65ec1ecfcc5

MD5 hash:

9373521a2eeff28bdefb0155f196bcb0

SHA1 hash:

b074dd2e4acf9375f9faf3c3fbf69ff6f026817d

Link:

https://www.unpac.me/results/4df7368d-a11b-4fe6-96db-d5e0e59bd116/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.16

Link:

https://yomi.yoroi.company/submissions/ec3776e05a46faa8ebc57582b26f1405d67ef4e7100241bc26c2d65ec1ecfcc5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mansabo

exe ec3776e05a46faa8ebc57582b26f1405d67ef4e7100241bc26c2d65ec1ecfcc5

(this sample)

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/290351/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample