MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f05d5a2fe9b0e832b06db4df35cdca37b3f729bb750d1707bae6260852e55dab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 14


Intelligence 14 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f05d5a2fe9b0e832b06db4df35cdca37b3f729bb750d1707bae6260852e55dab
SHA3-384 hash: 00db478513f2b565fa93a95d6fc8f458a4b292c5e1472bbbad0cacb6413072b197f8f8fafd8b34badc51ccc24f3f54ae
SHA1 hash: b663dda28d2e0db17ec162accbce17f6377f3fa9
MD5 hash: 9dacafbc2e728cee1f6b6052f3d83d5e
humanhash: hawaii-princess-sad-diet
File name:PO_5545356763 7767634763.exe
Download: download sample
File size:766'464 bytes
First seen:2024-08-09 06:55:53 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:QNmgmDtReUoNQWUdtnvfjC4PdwRN+0EakQsRxcr1N0dZN2LZGSZ5TTMX02:QN9mDzW+jHdwRN+0ci1Nk32LZGSZRTM/
Threatray 13 similar samples on MalwareBazaar
TLSH T136F4238A7BD05DB2C9623735A177AB1E1B51DE23FC1377C38510622A7A533CB593680B
TrID 56.5% (.EXE) Win64 Executable (generic) (10523/12/4)
11.0% (.ICL) Windows Icons Library (generic) (2059/9)
10.9% (.EXE) OS/2 Executable (generic) (2029/13)
10.7% (.EXE) Generic Win/DOS Executable (2002/3)
10.7% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon 00be8323b233bac0 (79 x AgentTesla, 11 x Loki, 9 x DarkCloud)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
340
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
PO_5545356763 7767634763.exe
Verdict:
Suspicious activity
Analysis date:
2024-08-09 07:32:04 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/01239d22-fdd3-4aaa-960b-e73a7d2d4b89

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Malware.PDB-71.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
70%
Link:
https://cyber-fortress.com/docs/result/index.php?id=66b5bd98aa5b40be0a9fe5a5
Tags:
Static Stealth Nekark
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Launching a process
Creating a file
Сreating synchronization primitives
Creating a window
Searching for synchronization primitives
Creating a file in the %AppData% directory
Enabling the 'hidden' option for recently created files
Enabling the 'hidden' option for analyzed file
Replacing executable files
Moving a file to the Program Files subdirectory
Creating a file in the Program Files subdirectories
Replacing files
Moving a recently created file
Forced shutdown of a system process
Moving of the original file
Unauthorized injection to a system process
Enabling autorun by creating a file
Infecting executable files
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
crypto_obfuscator_for_net obfuscated packed packed phishing
Link:
https://www.filescan.io/uploads/66b5bd9120b316b86ff239ff/reports/07bfe6a9-54ea-487d-aff6-16da6b5b6d4e/overview
Verdict:
Malicious
Labled as:
Jalapeno.Generic
Link:
https://www.hybrid-analysis.com/sample/f05d5a2fe9b0e832b06db4df35cdca37b3f729bb750d1707bae6260852e55dab
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/cbee1198-1afe-4f37-917e-e3476a0c656c
Result
Threat name:
n/a
Detection:
malicious
Classification:
spre.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1490415
Signature
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code references suspicious native API functions
AI detected suspicious sample
Allocates memory in foreign processes
Antivirus / Scanner detection for submitted sample
Drops executable to a common third party application directory
Infects executable files (exe, dll, sys, html)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Score:
99%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/f05d5a2fe9b0e832b06db4df35cdca37b3f729bb750d1707bae6260852e55dab
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f05d5a2fe9b0e832b06db4df35cdca37b3f729bb750d1707bae6260852e55dab/
Threat name:
ByteCode-MSIL.Trojan.Jalapeno
Create hunting rule
Status:
Malicious
First seen:
2024-08-09 07:02:48 UTC
AV detection:
19 of 24 (79.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6bovul7jwdudfmdnwtptltokg6z7okn3ougrob524ytaquxflwvq._file
Verdict:
malicious
Similar samples:
39c096e77e2ce57c75d07b577dbf5899b5e883a3d3435a0a3d0313a52718496a
526e3c918055d2bb13e27041204ac2caf34b650f0509ce7518bb9b524081e637
8dd2823b8343b3b64877355cb6b2b9f88d06b4dd586641fde317c592259b99ca
a39d23fa96fd6132f5bb3f10558c581584f957ade13a9d3f5d9a6c41e1907034
b360fa8c3d75aea26b7f82bbf598e6e52ec4a87a63b22b20fea0907aee96960a
d72f60a529f8e6785ce5ca2b781a9a42c951469de5019fadaae5919c36346868
+ 3 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery
Link:
https://tria.ge/reports/240809-js3h8asbne/
Behaviour
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Drops file in Program Files directory
Drops file in Windows directory
Drops autorun.inf file
Suspicious use of SetThreadContext
Drops startup file
Loads dropped DLL
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/0469e068-807b-4fe1-8309-317fbcbcd5d8
Unpacked files
SH256 hash:
f05d5a2fe9b0e832b06db4df35cdca37b3f729bb750d1707bae6260852e55dab
MD5 hash:
9dacafbc2e728cee1f6b6052f3d83d5e
SHA1 hash:
b663dda28d2e0db17ec162accbce17f6377f3fa9
Link:
https://www.unpac.me/results/47e577bb-7227-41c1-ad8a-095925805369/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Virus
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f05d5a2fe9b0e832b06db4df35cdca37b3f729bb750d1707bae6260852e55dab

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
Rule name:pe_no_import_table
Create hunting rule
Description:Detect pe file that no import table

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (GUARD_CF)high

Comments