MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f481531352f8d5eab744c2ffb84d033526b8e520a3da78faf4cff0a9c7bc18d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f481531352f8d5eab744c2ffb84d033526b8e520a3da78faf4cff0a9c7bc18d5
SHA3-384 hash: 34a0a22dec5de26e1fdee25c3e1610ce4898e253c65761cace48704281572aecd45419302f0b796971381d8ca17e04bb
SHA1 hash: a595f315e74c4c1180dc7bcd489456765b3d474f
MD5 hash: 9e3e98b44d3a63411024df0c882824f4
humanhash: nuts-august-nuts-steak
File name:9e3e98b44d3a63411024df0c882824f4.exe
Download: download sample
File size:4'896'145 bytes
First seen:2023-08-14 05:15:00 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 56a78d55f3f7af51443e58e0ce2fb5f6 (728 x GuLoader, 452 x Formbook, 295 x Loki)
ssdeep 98304:v7blDeLgmSEQSX4JmrEep3qYJFir0RfLitzKvQ4AcNvkcDHxxe67d:v77mSLtV8qY64RfLK+Q4AaZxx3h
Threatray 4'307 similar samples on MalwareBazaar
TLSH T1CF3633533193A4E8C7291AB250A2EBFB68F44A722F691315B3A01795F8F3FC45D0B617
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 7084b2b2b2b2bc32
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
267
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
9e3e98b44d3a63411024df0c882824f4.exe
Verdict:
No threats detected
Analysis date:
2023-08-14 05:18:31 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/656a898d-fce8-4fe8-b23e-bdf9058cdaad

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/442565/
Detection(s):
SecuriteInfo.com.NSIS.MalwareX-gen.8186.17860.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
DNS request
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/102807/overview
Behaviour
MalwareBazaar
Gathering data
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/f481531352f8d5eab744c2ffb84d033526b8e520a3da78faf4cff0a9c7bc18d5
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/ed5f7221-f501-4f5a-af19-82efce0c6ded
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1290781
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f481531352f8d5eab744c2ffb84d033526b8e520a3da78faf4cff0a9c7bc18d5/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-08-13 20:47:34 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
6 of 38 (15.79%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6savge2s7dk6vn2eyl73qtidgutlrzjaupnhr6xuz7yktr54ddkq._file
Verdict:
malicious
Similar samples:
238864be2d731bc5838b95c8bb50b961d19f04b6b64d3daf323db967266fa458
29032ae14e315863a55a0851c3e1c9cb246beb4513a279d8b1bf7fac97be6ff7
2bab4b4ef0cd5ce5f2dff0ddcbdfb7295c0d141fb4c88ec305268b24a3e23a5c
3632e05e0742cd8f5d764ecaf243796aeb11ba5dfa858d4a2a2fae1d04734dcb
79866667d5cd578a1c6eda54a748ff9d316fff39064eecd282bc2a9ad8a5ac7d
8eaffa403a0bacae0e43928c07f77ea8540b480eda49e10d4a44079b8e0236fe
9ada0ca121fe2b402b0da1728cd9f1fbb36d61a62fd40bbe8428756c329e04e8
da9c5f609ebbcf19aef3d6992d451ccbe4fa77858660f6861146d1a486e1d98e
ebb0272ecef9d8bf07a71b9ead8718760d27c4fdc334fe2de7a8b93237e61044
f747c8459e01b65714e550719afb55cbe6ccb459ddadaf611b35f3454086c8ea
+ 4'297 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230814-fxkmeshh35/
Behaviour
Enumerates physical storage devices
Unpacked files
SH256 hash:
f481531352f8d5eab744c2ffb84d033526b8e520a3da78faf4cff0a9c7bc18d5
MD5 hash:
9e3e98b44d3a63411024df0c882824f4
SHA1 hash:
a595f315e74c4c1180dc7bcd489456765b3d474f
Link:
https://www.unpac.me/results/539d60e9-d226-48d9-bf30-85af036deb05/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f481531352f8d5eab744c2ffb84d033526b8e520a3da78faf4cff0a9c7bc18d5

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:shellcode
Create hunting rule
Author:nex
Description:Matched shellcode byte patterns

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe f481531352f8d5eab744c2ffb84d033526b8e520a3da78faf4cff0a9c7bc18d5

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2690258/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/442565/

Comments