MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f52161f0f6ecb5491563197f060af8b0beb91525704e8a13c151d932a73d3107. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f52161f0f6ecb5491563197f060af8b0beb91525704e8a13c151d932a73d3107
SHA3-384 hash: cd5490adbb7ed495c8bd7c0302e0a056867ddf57ab0e5e7138b8e12c355991b4e4741fefae28ff6b490b114230f5fa1d
SHA1 hash: fc8be784b23c853aaf0ce971ce0cecd1abb94196
MD5 hash: 5e8ffb26157672843d2a3b429814838b
humanhash: oklahoma-glucose-mockingbird-sweet
File name:5e8ffb26157672843d2a3b429814838b.dll
Download: download sample
File size:1'425'408 bytes
First seen:2022-01-26 15:28:08 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 24576:Xa1QHwgJMrQqj/wAc6QORNx2nAjwkaWm0GV9igWwlnwXQBwfalj21X4GtZ+FdnZu:HH5qloBMl
TLSH T1E465EF43180C819F9867D76421671D97EEF87E47F2C84E2ED1E428B84AEBDA674C604F
Reporter abuse_ch
Tags:dll exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
137
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
5e8ffb26157672843d2a3b429814838b.dll
Verdict:
No threats detected
Analysis date:
2022-01-27 00:19:42 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4e184c3f-6670-42ae-9d2f-a0c6cc023648

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/223435/
Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/61f168c2d73ca9d4648df5a3/reports/77360b73-fba3-4e5f-93b8-83b1e419f223/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/30e8c980-37ee-4ba8-8840-c854c802dee6
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/928405
Signature
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 560880 Sample: PmmtqHqeX1.dll Startdate: 27/01/2022 Architecture: WINDOWS Score: 52 13 Multi AV Scanner detection for submitted file 2->13 15 Sigma detected: Suspicious Call by Ordinal 2->15 7 loaddll64.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        process5 11 rundll32.exe 9->11         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f52161f0f6ecb5491563197f060af8b0beb91525704e8a13c151d932a73d3107/
Threat name:
ByteCode-MSIL.Trojan.Phonzy
Create hunting rule
Status:
Malicious
First seen:
2022-01-26 15:29:11 UTC
File Type:
PE+ (Dll)
AV detection:
8 of 43 (18.60%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220126-sww1aafag3/
Unpacked files
SH256 hash:
f52161f0f6ecb5491563197f060af8b0beb91525704e8a13c151d932a73d3107
MD5 hash:
5e8ffb26157672843d2a3b429814838b
SHA1 hash:
fc8be784b23c853aaf0ce971ce0cecd1abb94196
Link:
https://www.unpac.me/results/e4dc1ddb-ad60-4012-ba65-2c6d2a1011a1/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f52161f0f6ecb5491563197f060af8b0beb91525704e8a13c151d932a73d3107

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe f52161f0f6ecb5491563197f060af8b0beb91525704e8a13c151d932a73d3107

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1994713/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/223435/

Comments