MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ef05a0579fafc22121974556b32d9761c20c284ebbf57ea996651190ed597b15. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ef05a0579fafc22121974556b32d9761c20c284ebbf57ea996651190ed597b15
SHA3-384 hash: 600558f8b758268007db0704a7ee9a96413c8257536600c6b4f09933216e2ef78fbaf9064e9827cda295ff9686fc8309
SHA1 hash: 5bc65288cdd63fd4cd0befee4939854e42b2522e
MD5 hash: 89a643a7472b8fee2a33a5a3f20eee55
humanhash: solar-sodium-delaware-oscar
File name:SecuriteInfo.com.BScope.Trojan.Occamy.4396
Download: download sample
File size:22'408 bytes
First seen:2022-09-25 10:27:58 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash adaf29a9b038353d7a3ea9a15a60e10e
ssdeep 384:aA87+I26vVpb8i3qXucw41MJIDGlNb0B4i/8E9VF0NylB:t4+IVvL8zXbw2MCDGH8eEZ
Threatray 3 similar samples on MalwareBazaar
TLSH T11CA28D43CAA82C42DD564E3230E8D9293F7137816B94C4F7A22DC061A7C93827AFD1BD
TrID 54.9% (.EXE) UPX compressed Win32 Executable (27066/9/6)
13.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
10.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.1% (.EXE) Win32 Executable (generic) (4505/5/1)
4.1% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
300
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/313157/
Detection(s):
SecuriteInfo.com.BScope.Trojan.Occamy.4396.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
Сreating synchronization primitives
Enabling autorun by creating a file
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/38971/overview
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/63302db4da5bfff0bb746263/reports/5c9c804e-d510-48eb-8d3f-b166b2e54b66/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/5996ff62-f6bb-4fa0-b850-1a7c230aa621
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1076832
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ef05a0579fafc22121974556b32d9761c20c284ebbf57ea996651190ed597b15/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-09-20 11:29:13 UTC
File Type:
PE (Exe)
Extracted files:
3
AV detection:
16 of 40 (40.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=54c2av47v7bccimxivllglmxmhbaykcoxp2x5kmwmuizb3kzpmkq._file
Verdict:
malicious
Similar samples:
42d3be363dd71be21102baba9ef2e2d7a4a3629431e94bca22ae171766dbe3da
45136071c0cb88b6cbf83675992b439590a0f3425c6f3a8ee548c5228d0d9e6f
ca3d79dbd07fe563bdab59e559fafede0199aff5e25c138c560277e8a4521a87
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/220925-mhn5maeda4/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Program crash
UPX packed file
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/fa1176f2-877b-409e-8ea2-603c17ded0f3
Unpacked files
SH256 hash:
b98c68df458f175d75309716a91b526eab38f4cf19350640d565a397657fff38
MD5 hash:
e07d256af570f5e92f4e5374a1fe7364
SHA1 hash:
7c5f1aec71edd2e7cda09e1c5f6e6c495f287bca
Detections:
win_vigilant_cleaner_auto
Create hunting rule
Link:
https://www.unpac.me/results/03c7afd9-a05a-42b8-8f88-41d7e525914e/
SH256 hash:
ef05a0579fafc22121974556b32d9761c20c284ebbf57ea996651190ed597b15
MD5 hash:
89a643a7472b8fee2a33a5a3f20eee55
SHA1 hash:
5bc65288cdd63fd4cd0befee4939854e42b2522e
Link:
https://www.unpac.me/results/03c7afd9-a05a-42b8-8f88-41d7e525914e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/ef05a0579fafc22121974556b32d9761c20c284ebbf57ea996651190ed597b15

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe ef05a0579fafc22121974556b32d9761c20c284ebbf57ea996651190ed597b15

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2313298/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/313157/

Comments