DaBaiCai.exe

Sample information


0

Antivirus detections

0

IDS alerts

14

Processes

0

Http events

14

Contacted hosts

16

DNS Requests

    10


    Score




Blacklist timeline


First seen: Tue Sep 08 2020 13:15:26 GMT+0000
Last seen: Tue Sep 08 2020 14:15:26 GMT+0000
Period: an hour

Hashes
Filename:
DaBaiCai.exe
md5:
a9689464092f3667d36b7f271ff6ec76
sha1:
b4a744bc3d908e9b96ce36217642096fd58586bb
sha256:
bfa751481edf923c96d8098e256bb262a39ee94a6149170634ca164beb1c31c8

In depth details
Filetype:
PE32 executable (GUI) Intel 80386, for MS Windows, ...
Size (Bytes):
3465216
Classification:
malicious

Dates
Indexed:
Tue Sep 08 2020 14:15:26 GMT+0000 (5 years ago)
Last modified:
Tue Sep 08 2020 14:15:26 GMT+0000 (5 years ago)

Developers can check API Specification here:


Request:

          
# Look up the sample by SHA-256; the API requires a Bearer token in the Authorization header.
curl --header "Authorization: Bearer <API_KEY>" "https://api.maltiverse.com/sample/bfa751481edf923c96d8098e256bb262a39ee94a6149170634ca164beb1c31c8"
        

Request:

Alternatively, you can call the API from Python 3 with the `requests` library (the request must carry the same Bearer token as the curl example above):
          
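import requests
import json

# Fetch the Maltiverse report for a sample by its SHA-256.
#
# The API is authenticated: the curl and PowerShell examples on this page send
# "Authorization: Bearer <API_KEY>", but this snippet originally sent no header at
# all, so it would receive an auth error instead of the report. Replace <API_KEY>
# with your key (better: load it from an environment variable or a secrets store
# rather than committing it alongside this script).
url = 'https://api.maltiverse.com/sample/bfa751481edf923c96d8098e256bb262a39ee94a6149170634ca164beb1c31c8'
headers = {"Authorization": "Bearer <API_KEY>"}

# requests has no default timeout; without one a stalled connection hangs the script forever.
response = requests.get(url, headers=headers, timeout=30)
# Fail loudly on 401 (bad key) / 404 (unknown hash) / 5xx instead of trying to
# parse an error body as if it were a sample report.
response.raise_for_status()
print(json.dumps(response.json(), indent=4, sort_keys=True))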
        

Request:

          
# Look up the sample by SHA-256; the API requires a Bearer token in the Authorization header.
$apiKey = "<API_KEY>"
$url = 'https://api.maltiverse.com/sample/bfa751481edf923c96d8098e256bb262a39ee94a6149170634ca164beb1c31c8'
$headers = @{ Authorization = "Bearer $apiKey" }
$response = Invoke-RestMethod -Uri $url -Headers $headers
Write-Output $response
        

Response:

      
{
    "av_ratio": 4,
    "blacklist": [
        {
            "count": 1,
            "description": "W32.Malware",
            "first_seen": "2020-09-08 14:15:26",
            "last_seen": "2020-09-08 14:15:26",
            "source": "Hybrid-Analysis"
        }
    ],
    "classification": "malicious",
    "contacted_host": [
        "47.106.175.21",
        "103.205.6.84",
        "47.92.99.221",
        "157.255.225.49",
        "140.206.225.244",
        "47.97.7.140",
        "123.125.221.44",
        "140.206.225.136",
        "47.92.171.207",
        "123.125.221.6",
        "47.92.75.245",
        "47.92.157.216",
        "36.155.10.5",
        "39.98.93.220"
    ],
    "creation_time": "2020-09-08 14:15:26",
    "dns_request": [
        "down.winbaicai.com",
        "hub5c.hz.sandai.net",
        "hub5idx.shub.hz.sandai.net",
        "hub5p.hz.sandai.net",
        "hub5pn.hz.sandai.net",
        "hub5pnc.hz.sandai.net",
        "hub5pr.hz.sandai.net",
        "hub5sr.shub.hz.sandai.net",
        "hub5u.hz.sandai.net",
        "hubstat.hz.sandai.net",
        "hubstat.sandai.net",
        "imhub5pr.hz.sandai.net",
        "pmap.hz.sandai.net",
        "relay.phub.hz.sandai.net",
        "score.phub.hz.sandai.net",
        "tongji.laomaotao.net"
    ],
    "filename": [
        "DaBaiCai.exe"
    ],
    "filetype": "PE32 executable (GUI) Intel 80386, for MS Windows, ...",
    "is_alive": false,
    "is_cdn": false,
    "is_cnc": false,
    "is_distributing_malware": false,
    "is_hosting": false,
    "is_iot_threat": false,
    "is_known_attacker": false,
    "is_known_scanner": false,
    "is_mining_pool": false,
    "is_open_proxy": false,
    "is_phishing": false,
    "is_sinkhole": false,
    "is_storing_phishing": false,
    "is_tor_node": false,
    "is_vpn_node": false,
    "md5": "a9689464092f3667d36b7f271ff6ec76",
    "modification_time": "2020-09-08 14:15:26",
    "process_list": [
        {
            "name": "DaBaiCai.exe",
            "normalizedpath": "C:\\DaBaiCai.exe",
            "sha256": "bfa751481edf923c96d8098e256bb262a39ee94a6149170634ca164beb1c31c8",
            "uid": "00081773-00002380"
        },
        {
            "commandline": "C:\\DaBaiCai.exe",
            "name": "DaBaiCai.exe",
            "normalizedpath": "C:\\DaBaiCai\\DaBaiCai.exe",
            "sha256": "bfa751481edf923c96d8098e256bb262a39ee94a6149170634ca164beb1c31c8",
            "uid": "00083725-00001512"
        },
        {
            "commandline": "/enum all",
            "name": "bcdedit.exe",
            "normalizedpath": "%TEMP%\\bcdedit.exe",
            "sha256": "e5bc427ba84627fa84861c54044df8ac3c3b3c3ed3d007265c6b18f588d0ca8a",
            "uid": "00084037-00002068"
        },
        {
            "commandline": "/enum all",
            "name": "bcdedit.exe",
            "normalizedpath": "%TEMP%\\bcdedit.exe",
            "sha256": "e5bc427ba84627fa84861c54044df8ac3c3b3c3ed3d007265c6b18f588d0ca8a",
            "uid": "00084364-00003116"
        },
        {
            "commandline": "/enum all",
            "name": "bcdedit.exe",
            "normalizedpath": "%TEMP%\\bcdedit.exe",
            "sha256": "e5bc427ba84627fa84861c54044df8ac3c3b3c3ed3d007265c6b18f588d0ca8a",
            "uid": "00084693-00002424"
        },
        {
            "commandline": "/English /?",
            "name": "Dism.exe",
            "normalizedpath": "%WINDIR%\\System32\\Dism.exe",
            "sha256": "001300a5323bf6c1812b686c1c896857d4cf85c676e48f451d8cb7b9a8f0afe0",
            "uid": "00084723-00003572"
        },
        {
            "commandline": "/English /online /Export-Driver /?",
            "name": "Dism.exe",
            "normalizedpath": "%WINDIR%\\System32\\Dism.exe",
            "sha256": "001300a5323bf6c1812b686c1c896857d4cf85c676e48f451d8cb7b9a8f0afe0",
            "uid": "00084761-00003732"
        },
        {
            "commandline": "{4C45D839-C749-4511-AB6D-D6A6A66F54DC}",
            "name": "DismHost.exe",
            "normalizedpath": "%TEMP%\\5FB663D3-F2C5-4E88-8227-208B65967DD3\\DismHost.exe",
            "sha256": "ecb636b278261eade712e68ec7d805d20e802628248da872d3d0ada1432ffc11",
            "uid": "00084813-00001916"
        },
        {
            "commandline": "{91F402F8-7694-4FC5-84EB-FBB119A561CB}",
            "name": "DismHost.exe",
            "normalizedpath": "%TEMP%\\97870800-EB89-4515-9467-BD0D9C88C2F9\\DismHost.exe",
            "sha256": "ecb636b278261eade712e68ec7d805d20e802628248da872d3d0ada1432ffc11",
            "uid": "00085000-00001536"
        },
        {
            "commandline": "/enum all /v",
            "name": "bcdedit.exe",
            "normalizedpath": "%TEMP%\\bcdedit.exe",
            "sha256": "e5bc427ba84627fa84861c54044df8ac3c3b3c3ed3d007265c6b18f588d0ca8a",
            "uid": "00085022-00003616"
        },
        {
            "name": "MiniTPFw.exe",
            "normalizedpath": "C:\\DaBaiCai\\Data\\Bin\\download\\MiniTPFw.exe",
            "sha256": "f02fa7ddab2593492b9b68e3f485e59eb755380a9235f6269705f6d219dff100",
            "uid": "00085919-00003400"
        },
        {
            "commandline": "MiniThunderPlatform2020-09-0814:05:12 \"C:\\DaBaiCai\\Data\\Bin\\download\\MiniThunderPlatform.exe\"",
            "name": "ThunderFW.exe",
            "normalizedpath": "C:\\DaBaiCai\\Data\\Bin\\download\\ThunderFW.exe",
            "sha256": "298d334b630c77b70e66cf5e9c1924c7f0d498b02c2397e92e2d9efdff2e1bdf",
            "uid": "00086094-00002292"
        },
        {
            "commandline": "-StartTP",
            "name": "MiniThunderPlatform.exe",
            "normalizedpath": "C:\\DaBaiCai\\Data\\Bin\\download\\MiniThunderPlatform.exe",
            "sha256": "c9b84b242479762dfca7b707376fde73ce99aa7befa74b9d4f18b4ec1967bd29",
            "uid": "00086115-00003088"
        },
        {
            "commandline": "-StartTP",
            "name": "MiniThunderPlatform.exe",
            "normalizedpath": "C:\\DaBaiCai\\Data\\Bin\\download\\MiniThunderPlatform.exe",
            "sha256": "c9b84b242479762dfca7b707376fde73ce99aa7befa74b9d4f18b4ec1967bd29",
            "uid": "00086394-00000552"
        }
    ],
    "score": 10,
    "sha1": "b4a744bc3d908e9b96ce36217642096fd58586bb",
    "sha256": "bfa751481edf923c96d8098e256bb262a39ee94a6149170634ca164beb1c31c8",
    "size": 3465216,
    "tag": [
        "banker",
        "bolek",
        "carberp"
    ],
    "type": "sample"
}
    
Network contacts
DNS Requests
down.winbaicai.com
hub5c.hz.sandai.net
hub5idx.shub.hz.sandai.net
hub5p.hz.sandai.net
hub5pn.hz.sandai.net
hub5pnc.hz.sandai.net
hub5pr.hz.sandai.net
hub5sr.shub.hz.sandai.net
hub5u.hz.sandai.net
hubstat.hz.sandai.net
hubstat.sandai.net
imhub5pr.hz.sandai.net
pmap.hz.sandai.net
relay.phub.hz.sandai.net
score.phub.hz.sandai.net
tongji.laomaotao.net
Contacted Hosts
47.106.175.21
103.205.6.84
47.92.99.221
157.255.225.49
140.206.225.244
47.97.7.140
123.125.221.44
140.206.225.136
47.92.171.207
123.125.221.6
47.92.75.245
47.92.157.216
36.155.10.5
39.98.93.220
Process list
uid
00081773-00002380
commandline
name
DaBaiCai.exe
normalizedpath
C:\DaBaiCai.exe
sha256
bfa751481edf923c96d8098e256bb262a39ee94a6149170634ca164beb1c31c8
uid
00083725-00001512
commandline
C:\DaBaiCai.exe
name
DaBaiCai.exe
normalizedpath
C:\DaBaiCai\DaBaiCai.exe
sha256
bfa751481edf923c96d8098e256bb262a39ee94a6149170634ca164beb1c31c8
uid
00084037-00002068
commandline
/enum all
name
bcdedit.exe
normalizedpath
%TEMP%\bcdedit.exe
sha256
e5bc427ba84627fa84861c54044df8ac3c3b3c3ed3d007265c6b18f588d0ca8a
uid
00084364-00003116
commandline
/enum all
name
bcdedit.exe
normalizedpath
%TEMP%\bcdedit.exe
sha256
e5bc427ba84627fa84861c54044df8ac3c3b3c3ed3d007265c6b18f588d0ca8a
uid
00084693-00002424
commandline
/enum all
name
bcdedit.exe
normalizedpath
%TEMP%\bcdedit.exe
sha256
e5bc427ba84627fa84861c54044df8ac3c3b3c3ed3d007265c6b18f588d0ca8a
uid
00084723-00003572
commandline
/English /?
name
Dism.exe
normalizedpath
%WINDIR%\System32\Dism.exe
sha256
001300a5323bf6c1812b686c1c896857d4cf85c676e48f451d8cb7b9a8f0afe0
uid
00084761-00003732
commandline
/English /online /Export-Driver /?
name
Dism.exe
normalizedpath
%WINDIR%\System32\Dism.exe
sha256
001300a5323bf6c1812b686c1c896857d4cf85c676e48f451d8cb7b9a8f0afe0
uid
00084813-00001916
commandline
{4C45D839-C749-4511-AB6D-D6A6A66F54DC}
name
DismHost.exe
normalizedpath
%TEMP%\5FB663D3-F2C5-4E88-8227-208B65967DD3\DismHost.exe
sha256
ecb636b278261eade712e68ec7d805d20e802628248da872d3d0ada1432ffc11
uid
00085000-00001536
commandline
{91F402F8-7694-4FC5-84EB-FBB119A561CB}
name
DismHost.exe
normalizedpath
%TEMP%\97870800-EB89-4515-9467-BD0D9C88C2F9\DismHost.exe
sha256
ecb636b278261eade712e68ec7d805d20e802628248da872d3d0ada1432ffc11
uid
00085022-00003616
commandline
/enum all /v
name
bcdedit.exe
normalizedpath
%TEMP%\bcdedit.exe
sha256
e5bc427ba84627fa84861c54044df8ac3c3b3c3ed3d007265c6b18f588d0ca8a
uid
00085919-00003400
commandline
name
MiniTPFw.exe
normalizedpath
C:\DaBaiCai\Data\Bin\download\MiniTPFw.exe
sha256
f02fa7ddab2593492b9b68e3f485e59eb755380a9235f6269705f6d219dff100
uid
00086094-00002292
commandline
MiniThunderPlatform2020-09-0814:05:12 "C:\DaBaiCai\Data\Bin\download\MiniThunderPlatform.exe"
name
ThunderFW.exe
normalizedpath
C:\DaBaiCai\Data\Bin\download\ThunderFW.exe
sha256
298d334b630c77b70e66cf5e9c1924c7f0d498b02c2397e92e2d9efdff2e1bdf
uid
00086115-00003088
commandline
-StartTP
name
MiniThunderPlatform.exe
normalizedpath
C:\DaBaiCai\Data\Bin\download\MiniThunderPlatform.exe
sha256
c9b84b242479762dfca7b707376fde73ce99aa7befa74b9d4f18b4ec1967bd29
uid
00086394-00000552
commandline
-StartTP
name
MiniThunderPlatform.exe
normalizedpath
C:\DaBaiCai\Data\Bin\download\MiniThunderPlatform.exe
sha256
c9b84b242479762dfca7b707376fde73ce99aa7befa74b9d4f18b4ec1967bd29