MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 edbc39ee76f318a70ce0083fe1d3260cc4422291e8c9ee40cf7bbf74230cfd6c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: edbc39ee76f318a70ce0083fe1d3260cc4422291e8c9ee40cf7bbf74230cfd6c
SHA3-384 hash: 25e49fcb6315f8fb5f2f9e122da2ff455c7339d697823d67b323656e3141964675e5234fc948c2c12e3c821f3795739c
SHA1 hash: 1a7a6622ed94252de408ab5e72d0b49a56f7bb8e
MD5 hash: 0e956c84929ac16b36339ec4305c9b4a
humanhash: romeo-seventeen-robert-september
File name:0e956c84929ac16b36339ec4305c9b4a
Download: download sample
File size:18'883'584 bytes
First seen:2023-06-08 11:33:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 393216:EiEH6hd8xsOtcg2O9BXFNlkRmw0N9pTqcXkeX3E5B1fg71QFIcV/:EilhdgsOCgd9VFzkRmdN9pTqcUeXU5BD
Threatray 319 similar samples on MalwareBazaar
TLSH T1FD173374C455D5F1C589682D8C8AF1430245D8CCF2BE9C46F7CE0988BB2FB8B549A9FA
TrID 56.5% (.EXE) Win64 Executable (generic) (10523/12/4)
11.0% (.ICL) Windows Icons Library (generic) (2059/9)
10.9% (.EXE) OS/2 Executable (generic) (2029/13)
10.7% (.EXE) Generic Win/DOS Executable (2002/3)
10.7% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon 70ecec32686c90e0 (1 x CoinMiner, 1 x IcedID)
Reporter zbetcheckin
Tags:64 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
263
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
0e956c84929ac16b36339ec4305c9b4a
Verdict:
Malicious activity
Analysis date:
2023-06-08 11:36:31 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/5de465e3-a91e-476c-8fc8-8521c4bc6bca

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.HEUR.Trojan.Win32.Generic.15742.12012.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Сreating synchronization primitives
DNS request
Sending an HTTP GET request
Launching a process
Creating a process with a hidden window
Unauthorized injection to a system process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/6481bcac8237763a9bd685c3/reports/e468f536-0a42-423d-a66b-70d0d8cdf026/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/edbc39ee76f318a70ce0083fe1d3260cc4422291e8c9ee40cf7bbf74230cfd6c
Result
Verdict:
MALICIOUS
Malware family:
PureCrypter
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ecb93e36-90e6-476e-a309-2e8b1401fc77
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1251336
Signature
.NET source code contains potential unpacker
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/edbc39ee76f318a70ce0083fe1d3260cc4422291e8c9ee40cf7bbf74230cfd6c/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-06-08 11:34:08 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
7
AV detection:
14 of 24 (58.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5w6dt3tw6mmkodhaba76duzgbtceeiur5de64qgppo7xiiym7vwa._file
Verdict:
unknown
Similar samples:
17e813ed934ac345e4b9b9384aaff9e5b7a20b4efc8f75ef784f06bde2420b2d
1fff1da5f372277d993db5314aa2839be27cd3b241360a4d94832e319cfa26f8
33b5dd91de8cc8374fd126d232fa1e466aab16ed580a655ff972c34a226d71ae
3d0ca1eae8fea7a819792d171474939a71ea7bfdcbe40b7a797d9810a8d2a70a
77b72d9e11b5b61983903918dfb822e8c6c1e3a4acd6a5fde5db7a3cf004b445
8a69c6b0efd7bbf528d4a163be673143bf04021faafcc076aa2cc73d7688de63
aa6646da5d47bbfffce88075205a5e6c1af6107a9dae7dec98b14e7c3d022219
b432b8aa06d6977b2f87eafa17634e0fded464c7a521e0120c393c4f4d084fc9
cf9e6fdf4c23de95bcdf9e9964a997f5279df752f0f20ccdc101c92110168079
fad5e5168ba1adf95d4199bb08cd8fc6f0dd4fdbeafd5af78d032fd23d7a93e9
+ 309 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence
Link:
https://tria.ge/reports/230608-npfbqseh29/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Checks computer location settings
Modifies WinLogon for persistence
Unpacked files
SH256 hash:
edbc39ee76f318a70ce0083fe1d3260cc4422291e8c9ee40cf7bbf74230cfd6c
MD5 hash:
0e956c84929ac16b36339ec4305c9b4a
SHA1 hash:
1a7a6622ed94252de408ab5e72d0b49a56f7bb8e
Link:
https://www.unpac.me/results/8215de20-b3be-4a14-a854-40702e35167a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/edbc39ee76f318a70ce0083fe1d3260cc4422291e8c9ee40cf7bbf74230cfd6c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe edbc39ee76f318a70ce0083fe1d3260cc4422291e8c9ee40cf7bbf74230cfd6c

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2655648/

Comments


Avatar
zbet commented on 2023-06-08 11:33:33 UTC

url : hxxp://file.gta5cheatcode.world/dashboard/file/dxpserver.exe