MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4978baa69965549eda896dab4cb809e7f1dd537e88ecd5f90c42beab3da1f97. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f4978baa69965549eda896dab4cb809e7f1dd537e88ecd5f90c42beab3da1f97
SHA3-384 hash: 90b57380b233edfe178f812a326b318ab6e47f45ddc888e73671b7076fa659aaeddb704393f21b44aacbee6f9531795d
SHA1 hash: dc305b4daa6e0e280f86d600c966a0c65f8a3925
MD5 hash: 383deb69ccc95017e5c9f3fe937f5aec
humanhash: october-item-lactose-lactose
File name:383deb69ccc95017e5c9f3fe937f5aec
Download: download sample
File size:8'654'420 bytes
First seen:2022-04-03 16:19:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a2d1a129d4fb35bc3689f4b64c3eb347
ssdeep 196608:jcgiLY8+5v1cE5RYvxuf4UVF0BnsKKCfGrefZrXNS:jcgi086v1ITUVFSjdZrk
Threatray 13 similar samples on MalwareBazaar
TLSH T138963388E5C9FC94E538F9B5D9679FFF820DB46E70DBF2200252EE97264AD436009712
File icon (PE):PE icon
dhash icon aae2f3e38383b629 (2'034 x Formbook, 1'183 x CredentialFlusher, 666 x AgentTesla)
Reporter zbetcheckin
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
219
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/260254/
Detection(s):
SecuriteInfo.com.AutoIT-14.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.AutoIT-17.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Сreating synchronization primitives
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Creating a process with a hidden window
Sending a custom TCP request
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/6249c9369253b276b7da386b/reports/eb876e8e-738e-4ca2-8d5d-a2e1b08e8fb0/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/98e83e58-7e88-4235-b001-b6e0047dae19
Result
Threat name:
Unknown
Detection:
malicious
Classification:
mine
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/969589
Signature
Binary is likely a compiled AutoIt script file
Found strings related to Crypto-Mining
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 602076 Sample: gBVDBxNKHX Startdate: 03/04/2022 Architecture: WINDOWS Score: 64 26 Multi AV Scanner detection for submitted file 2->26 28 Binary is likely a compiled AutoIt script file 2->28 30 Found strings related to Crypto-Mining 2->30 6 gBVDBxNKHX.exe 2 3 2->6         started        9 svsv.exe 2->9         started        11 svsv.exe 2->11         started        13 svsv.exe 2->13         started        process3 file4 24 C:\Users\user\AppData\Roaming\...\svsv.exe, PE32+ 6->24 dropped 15 svsv.exe 6->15         started        18 svsv.exe 9->18         started        20 svsv.exe 11->20         started        22 svsv.exe 13->22         started        process5 signatures6 32 Multi AV Scanner detection for dropped file 15->32
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f4978baa69965549eda896dab4cb809e7f1dd537e88ecd5f90c42beab3da1f97/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-04-03 06:24:05 UTC
File Type:
PE+ (Exe)
Extracted files:
42
AV detection:
15 of 26 (57.69%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
3e841431aaa53eb3cfa6f167b3a46bca0eb16d22e6fd1d06944414b78cc512d8
3f92929879f642470b73488aa719ae8c044a302969d14e70ea1ec2a1fda59bd3
57bd1d7a3ce9a10797575f75af56a675b3739ab5901e383a7870b17fa328ecb4
5dcea548692418c3f47e0f0b2f05991720e870c2c65170c603f6e8dbcc11dd23
ac5df971e605c439d1851391f51ae799b24823c47aea5c0ac177f00e5d4cc1f2
f18e085889d9d7324c57ecb800563ba2e808c0ef8ad52b7b1f1f3afa169bf836
+ 3 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence upx
Link:
https://tria.ge/reports/220403-ts3jbsbfa3/
Behaviour
Suspicious use of WriteProcessMemory
Adds Run key to start application
Loads dropped DLL
Executes dropped EXE
UPX packed file
Unpacked files
SH256 hash:
f4978baa69965549eda896dab4cb809e7f1dd537e88ecd5f90c42beab3da1f97
MD5 hash:
383deb69ccc95017e5c9f3fe937f5aec
SHA1 hash:
dc305b4daa6e0e280f86d600c966a0c65f8a3925
Link:
https://www.unpac.me/results/1e53422c-01c0-439a-bebe-7405c1616ff3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.55
Link:
https://yomi.yoroi.company/submissions/f4978baa69965549eda896dab4cb809e7f1dd537e88ecd5f90c42beab3da1f97

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe f4978baa69965549eda896dab4cb809e7f1dd537e88ecd5f90c42beab3da1f97

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/260254/
  
URLhaus
https://urlhaus.abuse.ch/url/2129497/

Comments


Avatar
zbet commented on 2022-04-03 16:19:30 UTC

url : hxxp://198.12.116.254/mine.exe