MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 11752b5276ee16c5aad18bd90480f51f707acef77a440a04030a4c6b4b0f144e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 11752b5276ee16c5aad18bd90480f51f707acef77a440a04030a4c6b4b0f144e
SHA3-384 hash: e61d8b662377f23ac83dba7fe93d357e14c3fb265228156046923d24b7cf485e344f5d1257aa431144373701268d71db
SHA1 hash: 6711deaf6c756fece7f6ca7bd06a2d75a8db7f44
MD5 hash: 1c58f67a05da42c204fda6428a9d24f3
humanhash: green-five-alaska-december
File name:11752b5276ee16c5aad18bd90480f51f707acef77a440a04030a4c6b4b0f144e
Download: download sample
File size:3'906'528 bytes
First seen:2020-09-01 09:19:34 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 63f8a3e701f3eac2ada72b261b052d32
ssdeep 49152:zFIVGhAF+TT9BTvLEGk1BHqhEqY5Oz6C7nyYobAq9MW5dUlgaj:zGV69FC1BHqhA6nUAkul/
Threatray 45 similar samples on MalwareBazaar
TLSH 09067D02F7905025F5B31AB949AFA168A93DBA911B28A0C772DC1EDC5F75BE07C31393
Reporter JAMESWT_WT
Tags:Ample Digital Limited

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/53895/
Detection(s):
PUA.Win.Packer.Exe-6
Create hunting rule

PUA.Win.Packer.Upolyx-12
Create hunting rule

PUA.Win.Packer.Upx-6
Create hunting rule

SecuriteInfo.com.TR.Barys.726.195.UNOFFICIAL
Create hunting rule

PUA.Win.Trojan.Generic-6629273-0
Create hunting rule

PUA.Win.Trojan.Generic-6629274-0
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Deleting a system file
Running batch commands
Creating a process with a hidden window
DNS request
Changing a file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/456337
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 280555 Sample: xWLQ25RGqQ Startdate: 01/09/2020 Architecture: WINDOWS Score: 60 20 Antivirus / Scanner detection for submitted sample 2->20 22 Multi AV Scanner detection for submitted file 2->22 24 Machine Learning detection for sample 2->24 7 xWLQ25RGqQ.exe 3 6 2->7         started        process3 dnsIp4 14 c.75cs.com 7->14 16 b.75cs.com 7->16 18 2 other IPs or domains 7->18 10 cmd.exe 1 7->10         started        process5 process6 12 conhost.exe 10->12         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/11752b5276ee16c5aad18bd90480f51f707acef77a440a04030a4c6b4b0f144e/
Threat name:
Win32.Infostealer.OnlineGames
Create hunting rule
Status:
Malicious
First seen:
2020-08-02 10:49:16 UTC
File Type:
PE (Exe)
Extracted files:
102
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
3a509e802831371c7bf1d69240980807db6fb2ea024e5c20eb83e62e0d7aa424
6819d725c2e35db9085e02233b20812ff24bdb0b62d07f3ddbd25caa2c19b64b
70dfab9ffb2930b2039ba78146150b6fb1ca12da19d23b18f4339488f7ccfd82
895abcd33e96522cc950a56ecc683e6fd340fe1f83dbbc61336fdbb16ac0c5ea
aace31706cb1354cace75314f42e73f930e954675230883a2ff39470264fe59c
ae908fa923abade520fd1563f88af3f20913d19dcb8e50601079eeca059e5993
b97f81682580a6bb92848e0b058df756c38606deb940725628895d05d035b565
dd735048e84f832db250acf7e9238d8c2a23e10600a48b45351ac6fe315c7050
e1d49dbd664cc8b4371fcd0d57da951aec767532252452d81f52d39cfb42a856
e62bafeac7136563e3c3b21d94daa7b5688e8f527dbb894d854c018e339df101
+ 35 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/200901-xhlc3w2ha2/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Drops file in Drivers directory
Drops file in Drivers directory
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Tinba
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/11752b5276ee16c5aad18bd90480f51f707acef77a440a04030a4c6b4b0f144e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/53895/

Comments