MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ffdf7e20539e1aa6c31d8675e83b98bcb12f28810575509f8a8a79622dc456a8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ffdf7e20539e1aa6c31d8675e83b98bcb12f28810575509f8a8a79622dc456a8
SHA3-384 hash: c9d59c75e066b9680be6d331893ac60773640d2d9d558943536408fd365c7574282e967716e98041dfbd2e3a669cbf7d
SHA1 hash: 40d125a14854e09ee0e95f9bb25afa5c1a0d044d
MD5 hash: a31f9f2d3f565b2609ac413d11283d1d
humanhash: avocado-ten-mexico-aspen
File name:a31f9f2d3f565b2609ac413d11283d1d
Download: download sample
File size:202'752 bytes
First seen:2022-10-10 07:54:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash be3e7aa073c4f5471cc568fb9e53f0a7
ssdeep 3072:3qowD71AbpdG3oopu/IKCYj9y24AkOvYaLFgungbNTK/lCeYk26cZAfm2G:l6J2ALuYb2jB5x7k8lCe4ZA
Threatray 1 similar samples on MalwareBazaar
TLSH T1AE14022B01911E13D0E31B3C41946FF3C2ECD2648779F9D12BAC4C9BD9997A291B9B63
Reporter zbetcheckin
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
245
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/318252/
Detection(s):
SecuriteInfo.com.Trojan.Packed.29786.20507.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed shell32.dll
Link:
https://www.filescan.io/uploads/6343cfd71ddf36bcc3f43186/reports/96f97c14-177d-45b5-81e1-58b8a00b19f6/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/4d889035-2fdb-442a-8157-c32a7c90d1d2
Result
Threat name:
Unknown
Detection:
malicious
Classification:
expl
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/1087469
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected UAC Bypass using CMSTP
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ffdf7e20539e1aa6c31d8675e83b98bcb12f28810575509f8a8a79622dc456a8/
Threat name:
Win32.Trojan.LgoogLoader
Create hunting rule
Status:
Malicious
First seen:
2022-10-08 12:33:13 UTC
File Type:
PE (Exe)
AV detection:
22 of 26 (84.62%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=77px4icttynknqy5qz26qo4yxsys6kebav2vbh4krj4weloek2ua._file
Verdict:
malicious
Similar samples:
8aa42c477d96d5cf3a5d9ea88ebc6e82d8db7970f85fd03924447040e2758a96
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/221010-jr41nabbb7/
Verdict:
Informative
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/44959ccb-b0da-498d-b6a2-8cb92f9b1b2b
Unpacked files
SH256 hash:
e2f1593fff9ba5f4fb8b9745dbf00fa0c9b8a439fe11f748748d1e46ddb8eeb2
MD5 hash:
555cd6c3d8ab933f6cf35a069f5fa13f
SHA1 hash:
7859352d01764f3cf5ca2a1406c5e43cd1c70ce9
Link:
https://www.unpac.me/results/eb110581-fda0-42a3-bc0c-812164d20deb/
SH256 hash:
ceb192ff08bda7b4cb12d2f55806be2e5038e0701a8304dc210e9348a4d50b34
MD5 hash:
2b1c72b8354a9ce3204548c7cb0fc24e
SHA1 hash:
7790b7ade96afde27a5c1887394891932b5780e6
Link:
https://www.unpac.me/results/eb110581-fda0-42a3-bc0c-812164d20deb/
SH256 hash:
ffdf7e20539e1aa6c31d8675e83b98bcb12f28810575509f8a8a79622dc456a8
MD5 hash:
a31f9f2d3f565b2609ac413d11283d1d
SHA1 hash:
40d125a14854e09ee0e95f9bb25afa5c1a0d044d
Link:
https://www.unpac.me/results/eb110581-fda0-42a3-bc0c-812164d20deb/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ffdf7e20539e1aa6c31d8675e83b98bcb12f28810575509f8a8a79622dc456a8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe ffdf7e20539e1aa6c31d8675e83b98bcb12f28810575509f8a8a79622dc456a8

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/318252/
  
URLhaus
https://urlhaus.abuse.ch/url/2354966/

Comments