MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f8b169ae90a0978ffa07617088bc2f8816dc55d4e156e33c799969c7a2c686cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 15 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f8b169ae90a0978ffa07617088bc2f8816dc55d4e156e33c799969c7a2c686cf
SHA3-384 hash: 8197cd12bcd5f0cc210912429cc93ee432e86d118b26b21270cb0c20a9b6901ac6688f7a7818011ea6ecd690b4900bba
SHA1 hash: 1b52838b5098532d78b4d9c7cf2527bce24f8842
MD5 hash: 1c7e7cf34f97bd6b3c06f9538fa94e9a
humanhash: oranges-magazine-cat-india
File name:SecuriteInfo.com.Trojan.GenericKD.70722999.17081.32092
Download: download sample
File size:2'307'056 bytes
First seen:2024-01-19 06:19:54 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5aa94c7fbfc01c9462c4d62e06efe88a
ssdeep 49152:oMKP2Vh29Iq+6Qt5BOQuP+wYizRxbavf0CckGbNYLAsw1kL2+Ut:oMKP2VjnttPrQvd8f7DGbNdwLOt
Threatray 7 similar samples on MalwareBazaar
TLSH T16FB5234AC759CA25C34A7AFD144F4BCD0395FA0C652F83BD9D8338A6FA6586368341F2
TrID 46.6% (.EXE) Win32 EXE PECompact compressed (v2.x) (59069/9/14)
32.7% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
8.3% (.EXE) Win64 Executable (generic) (10523/12/4)
3.9% (.EXE) Win16 NE executable (generic) (5038/12/1)
3.5% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon c8c49aa9acd6ea86 (3 x CobaltStrike, 1 x Arechclient2, 1 x BadRabbit)
Reporter SecuriteInfoCom
Tags:exe signed

Code Signing Certificate

Organisation:Adobe Inc.
Issuer:DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Algorithm:sha256WithRSAEncryption
Valid from:2022-05-02T00:00:00Z
Valid to:2024-05-01T23:59:59Z
Serial number: 06611c8eb8a1e9b65307c17604881adf
Intelligence: 9 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 76541b93e889b5827c982bf296b68c70fa73fc3d9d155141899944f20250258f
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
309
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
flashcenter_pp_ax_install_cn.exe
Verdict:
Malicious activity
Analysis date:
2023-11-26 18:08:43 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/c19dfe78-8dc6-4cf7-8b53-276e0e8986ce

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/471619/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.70722999.17081.32092.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Creating a file in the %temp% subdirectories
Creating a window
Creating a file
Changing a file
DNS request
Sending a custom TCP request
Moving a recently created file
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
installer lolbin overlay packed packed pecompact shell32
Link:
https://www.filescan.io/uploads/65aa149499da41ccd7d7a400/reports/d3b4ce18-0b5c-4376-a39b-e5b2d99f1b75/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/f8b169ae90a0978ffa07617088bc2f8816dc55d4e156e33c799969c7a2c686cf
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/a1526f51-e45c-470e-bffd-4ddbd363e7bf
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
42 / 100
Link:
https://www.joesandbox.com/analysis/1377248
Signature
Contains functionality to detect sleep reduction / modifications
Detected unpacking (changes PE section rights)
PE file has a writeable .text section
Behaviour
Behavior Graph:
Download SVG
Score:
0%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/f8b169ae90a0978ffa07617088bc2f8816dc55d4e156e33c799969c7a2c686cf
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f8b169ae90a0978ffa07617088bc2f8816dc55d4e156e33c799969c7a2c686cf/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Malicious
First seen:
2023-03-17 18:11:21 UTC
File Type:
PE (Exe)
Extracted files:
396
AV detection:
3 of 38 (7.89%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7cywtluqucly76qhmfyirpbpralnyvou4flogpdztfu4piwgq3hq._file
Verdict:
unknown
Similar samples:
0ee662db7ac463b7869c983f911e3adfb224a04961f7af5673825153919e283b
79dc8da8c5f7b41a0eed67e10e5239355be1c6e089738138dfa3b753fe019355
9e90db01ca80d818532e8945641e807c541ede136613374bc39da9d1102c1be9
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/240119-g3rhlahab6/
Behaviour
Modifies Internet Explorer settings
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
467f6766c0fe82abc9286b530d7fa455360c8c7f20a7f28461c54873e4e4de21
MD5 hash:
6be622c4fd3a217b3f45dcd0b1897ffe
SHA1 hash:
0d31265517b835028a81eaf4e16dd3b60d4bc874
Link:
https://www.unpac.me/results/4a4c7ea3-efbd-48c4-af19-511fdf65aa8e/
Parent samples :
e8d6393b63beba6b6cad43f7068f597f9a9c89effba80917412c3f438214ec5c
1eb83f805c41a946b3cf639512ddfe1da13fce7aca90270448f1b03c343befff
c513dde23b6e4d4274696e7598f01f0bc96953ad14556fb7de24c765ab574327
f52ed6bc805585d9e81b15a327af3ecbccc67aac180dff55968b5133035ce74d
b09326eda96f66176f54837d11d485a281dd89f24addc68f2c1e5cfedffe90e3
490c76da1ec8a15a782850b4468cc7ab780ce8cc436d7b490c280588864940cf
363e545ebbeb5eafa15f17986c7e90abebe28774b7b4bb2c1fcb2ff64c9158b8
021cdda10106e4db66873cd411ae3ea1d63ce01a0de1889f658d73c84ea00c8e
68ad2b97e4e2c2e2dedd7b7cbb3a0483c09948513f849bcd22ebeee1f8f40cd3
797c029eb74037b438d4c8eebc774dd45c243e86570d0a2118b168ea7472ca0d
a3ee42d49a63d91f51e144c2372002385da3573c8179ed743eef439904a6cdf4
55d421ed6221bf7cb9cfc4a78c3b7dd8407f19933fd26af3adb4f659bfe81abb
3803477a8eaad24fbd1fb71245a009f371eab35186065534bb14ae5dc41f8e4b
e88a142edb195e0d7e73616f3f5edc8a8ae6fd811c2985ac591c0925122ca8ee
66a517357eb8d9d77f8e4f1e67bcb3d3ad36b95010ae2a47caef8fe9018bcfe6
0916b368912885a4b72e1f309de846041bcbb3b74e478964f11797f0e4ace419
4c5b6f817e37e530c3440d02fcfd808aaef1e15f880fc9cdb43799ecc86bb1e9
d0d9d1a383cd3123e3a740793e4e9dab17701dd26856c3d13bdd84aa9b6f3c44
0504da7e2670ac33821b1d29ab8e430bd262a873fd07dfae680e7816c705cdd2
5783db0ba968957f967255d34b62546fdd3f6e70aa65b2b3fae44228bf6441ca
SH256 hash:
94bf4afd3a77d76311159daa2f19643a7f7d1e2c4b37807651b328feeef34668
MD5 hash:
1115be7832a7fa6005cb06aa20cdbb5c
SHA1 hash:
d0cf4dcc15749f031b4f5631bd603daf3bae1696
Link:
https://www.unpac.me/results/4a4c7ea3-efbd-48c4-af19-511fdf65aa8e/
SH256 hash:
f8b169ae90a0978ffa07617088bc2f8816dc55d4e156e33c799969c7a2c686cf
MD5 hash:
1c7e7cf34f97bd6b3c06f9538fa94e9a
SHA1 hash:
1b52838b5098532d78b4d9c7cf2527bce24f8842
Link:
https://www.unpac.me/results/4a4c7ea3-efbd-48c4-af19-511fdf65aa8e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f8b169ae90a0978ffa07617088bc2f8816dc55d4e156e33c799969c7a2c686cf

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BitcoinAddress
Create hunting rule
Author:Didier Stevens (@DidierStevens)
Description:Contains a valid Bitcoin address
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerCheck__QueryInfo
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:maldoc_getEIP_method_1
Create hunting rule
Author:Didier Stevens (https://DidierStevens.com)
Rule name:meth_get_eip
Create hunting rule
Author:Willi Ballenthin
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:pdb_YARAify
Create hunting rule
Author:@wowabiy314
Description:PDB
Rule name:pecompact2
Create hunting rule
Author:Kevin Falcoz
Description:PECompact
Rule name:PECompact2xxBitSumTechnologies
Create hunting rule
Author:malware-lu
Rule name:PECompactV2XBitsumTechnologies
Create hunting rule
Author:malware-lu
Rule name:PECompactv2xx
Create hunting rule
Author:malware-lu
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:PE_Potentially_Signed_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:QbotStuff
Create hunting rule
Author:anonymous
Rule name:ThreadControl__Context
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/471619/

Comments