YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash 8b6f3bcdd0bc5fbde9cca80d3b8f75898f98e9c834b0e91416c1f9c4a82536a0.
Scan Results
| SHA256 hash: | 8b6f3bcdd0bc5fbde9cca80d3b8f75898f98e9c834b0e91416c1f9c4a82536a0 | |
|---|---|---|
| File size: | 565'248 bytes | |
| File download: | Original | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | 19a88fbee62b0a09d9d070a892e43d0d | |
| SHA1 hash: | 3f9998135d78abab12c25e081a363702200c4e88 | |
| SHA3-384 hash: | c72edfff81a780e1116f945557c391ef8391419a3743f96300ba263ca7ef5d314894c773933c4451fd19fa5b04e90dcf | |
| First seen: | 2022-04-19 07:44:43 UTC | |
| Last seen: | Never | |
| Sightings: | 1 | |
| imphash : | 577a8d3e64977f9ee2b9e04ac0e96174 | |
| ssdeep : | 12288:W1JF3E3HDei3oXA2jCXgXLz/HQOqzjW/N+a8W:W1LU3Hq6oXA2jBXHnqzjGR8W | |
| TLSH : | T1A3C4E11A77E48811F5BF8973157080518BBA78121E2BDE1F67C1B52D2E386C08E66FE7 | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | n/a | |
Tasks
There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | 93d23aef-bfb4-11ec-a2d7-42010aa4000b | |
|---|---|---|
| File name: | 400000.kqxnamcagu.exe | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
No matches
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | INDICATOR_SUSPICIOUS_Binary_References_Browsers |
|---|---|
| Author: | ditekSHen |
| Description: | Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. |
| TLP: | TLP:WHITE |
| Repository: | diˈtekSHən |
| Rule name: | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook |
|---|---|
| Author: | ditekSHen |
| Description: | Detects executables with potential process hoocking |
| TLP: | TLP:WHITE |
| Repository: | diˈtekSHən |
| Rule name: | INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients |
|---|---|
| Author: | ditekSHen |
| Description: | Detects executables referencing many email and collaboration clients. Observed in information stealers |
| TLP: | TLP:WHITE |
| Repository: | diˈtekSHən |
| Rule name: | INDICATOR_SUSPICIOUS_EXE_TelegramChatBot |
|---|---|
| Author: | ditekSHen |
| Description: | Detects executables using Telegram Chat Bot |
| TLP: | TLP:WHITE |
| Repository: | diˈtekSHən |
| Rule name: | MAL_Envrial_Jan18_1 |
|---|---|
| Author: | Florian Roth |
| Description: | Detects Encrial credential stealer malware |
| Reference: | https://twitter.com/malwrhunterteam/status/953313514629853184 |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |
| Rule name: | MAL_Envrial_Jan18_1_RID2D8C |
|---|---|
| Author: | Florian Roth |
| Description: | Detects Encrial credential stealer malware |
| Reference: | https://twitter.com/malwrhunterteam/status/953313514629853184 |
| TLP: | TLP:WHITE |
| Rule name: | MAL_Lokibot_Stealer |
|---|---|
| Description: | Detects Lokibot Stealer Variants |
| TLP: | TLP:WHITE |
| Rule name: | MALWARE_Win_SnakeKeylogger |
|---|---|
| Author: | ditekSHen |
| Description: | Detects Snake Keylogger |
| TLP: | TLP:WHITE |
| Repository: | diˈtekSHən |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter