MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f19f6d6525d38d20a117a4c504b9b7de5d84312b416aed217d90ba44911b15b0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f19f6d6525d38d20a117a4c504b9b7de5d84312b416aed217d90ba44911b15b0
SHA3-384 hash: 4d1b639ceff0f8581b7d005c17f041d75a947bf3359fea9b2909c9029c1f36d133aed30b8d90222b456ddf69f509fc42
SHA1 hash: 4cbf637cfe55b8351094c75aab4c8e1c6f462008
MD5 hash: 21c5b776a3e88127ee53702984bedbb4
humanhash: eleven-alaska-ceiling-eighteen
File name:file
Download: download sample
File size:1'410'136 bytes
First seen:2022-12-19 05:39:04 UTC
Last seen:2022-12-20 23:00:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 8556c522621bf551eddbfefc45061d4e (2 x ArkeiStealer, 1 x Amadey, 1 x RedLineStealer)
ssdeep 24576:fqUOFW98SN3yUPlCbBfnjL/fjZf9I6RXD/j07l1WwXGJS6k0PdQxOWgGTqn1mYS3:vf33lCbBvjrLZ68wBXGTNn1vmVf0o0Pi
Threatray 5 similar samples on MalwareBazaar
TLSH T16D653C504A258839CBD6747EF3911E042EDAFA94F78B4DB353347AA28DF96D00CAD91C
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon b2b271f0f090b090
Reporter andretavare5
Tags:exe signed

Code Signing Certificate

Organisation:*.logical.net
Issuer:Sectigo RSA Domain Validation Secure Server CA
Algorithm:sha256WithRSAEncryption
Valid from:2022-03-22T00:00:00Z
Valid to:2023-04-21T23:59:59Z
Serial number: 77f770b563773846be8ca9bebcf35c29
Intelligence: 4 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 009461b22d698602a4acfd9ad5c0e099458ce051fcc8b6176c03fa8e97275123
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform


Avatar
andretavare5
Sample downloaded from http://91.213.50.96/files/hobnob.exe

Intelligence

File Origin
# of uploads :
80
# of downloads :
181
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
No threats detected
Analysis date:
2022-12-19 05:39:49 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4fa91d2f-f4d7-41cf-b8e4-938d195ec963

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/347815/
Detection(s):
SecuriteInfo.com.Variant.Jaik.109578.7153.22708.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Tags:
greyware overlay packed
Link:
https://www.filescan.io/uploads/639ff933bda6c94c89d50364/reports/f4fe72fb-2e56-4add-955c-dda2c4ee3baf/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Mustang Panda
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/335bf4b8-0538-4b8d-8a95-f17328b2aa22
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1136876
Signature
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f19f6d6525d38d20a117a4c504b9b7de5d84312b416aed217d90ba44911b15b0/
Threat name:
Win32.Trojan.Strab
Create hunting rule
Status:
Malicious
First seen:
2022-12-19 05:40:09 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
17 of 25 (68.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6gpw2zjf2ogsbiixutcqjonx3zoyimjlifvo2il5sc5ejei3cwya._file
Verdict:
malicious
Similar samples:
0230c45f322c73236579976f24ce3b1e4909862d056c9150f0fcc4977d6e48f1
1dc1cd3e48f9a9121fe3605e88a89015ea918f957ee267dce95b2626d3301ab9
23bfe23863ee4df2f5279e93f85b19c8bc2a826ca97841d7ccf790cebe07f48f
366e015f3ab40776810c6c6b3e2c26c294311ff0b7f3232ce7ad2a3445649301
4b23dbecbc40a065b279bb9153bf2aafe500eefb1f61e37b4339cd43f38783c2
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/221219-gcwdvsec83/
Behaviour
Suspicious behavior: EnumeratesProcesses
Program crash
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/f06da7a4-7247-483b-9e9c-878f704fada7
Unpacked files
SH256 hash:
f69f7c4f4e11165661741062bb3308702e58908fc2163fdfde03b51a77d67426
MD5 hash:
245e382cb996727c5d64be6394c24afb
SHA1 hash:
1e486d07881c24453db104edfbf8a48df87fb59a
Link:
https://www.unpac.me/results/e24114dc-0e09-4380-b94f-6385d033a9ff/
SH256 hash:
f19f6d6525d38d20a117a4c504b9b7de5d84312b416aed217d90ba44911b15b0
MD5 hash:
21c5b776a3e88127ee53702984bedbb4
SHA1 hash:
4cbf637cfe55b8351094c75aab4c8e1c6f462008
Link:
https://www.unpac.me/results/e24114dc-0e09-4380-b94f-6385d033a9ff/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.71
Link:
https://yomi.yoroi.company/submissions/f19f6d6525d38d20a117a4c504b9b7de5d84312b416aed217d90ba44911b15b0

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pdb_YARAify
Create hunting rule
Author:@wowabiy314
Description:PDB

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
Cape
Cape
https://www.capesandbox.com/analysis/347815/
  
URLhaus
https://urlhaus.abuse.ch/url/2468701/

Comments