MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fe7601a0453d38986ba3417aa4a1a5fb85d68d61eb0521dde25edf9acd311a37. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fe7601a0453d38986ba3417aa4a1a5fb85d68d61eb0521dde25edf9acd311a37
SHA3-384 hash: 91f908d8b3110b13e08ac074c19c6053f02bed993a6c4e3ca502eee5baf834ede7265283603e77d162b0b3b3cae5c639
SHA1 hash: 6bb39d13fe5b9414275e90256f78c00c2e6baffc
MD5 hash: e7a9d9b270fdae65303867b58bb163d1
humanhash: washington-oscar-pasta-cola
File name:fe7601a0453d38986ba3417aa4a1a5fb85d68d61eb0521dde25edf9acd311a37
Download: download sample
File size:3'766'752 bytes
First seen:2020-09-01 09:24:27 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1deac0af3e6e6b3d3bdd06e9d477f731
ssdeep 49152:16e4ZubpoGT50EGk1BHqhEqY5Oz6C7nyYobAqwMW5dUlgaD:16e4ZnC1BHqhA6nUAZulP
Threatray 47 similar samples on MalwareBazaar
TLSH 29068D11B7905025F9B31AB949AFA168993DBAE11B28A0C772DC1ECC5F35BE07C31397
Reporter JAMESWT_WT
Tags:Ample Digital Limited

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/53918/
Detection(s):
PUA.Win.Packer.Exe-6
Create hunting rule

PUA.Win.Packer.Upolyx-12
Create hunting rule

PUA.Win.Packer.Upx-6
Create hunting rule

SecuriteInfo.com.TR.Barys.726.195.UNOFFICIAL
Create hunting rule

PUA.Win.Trojan.Generic-6629273-0
Create hunting rule

PUA.Win.Trojan.Generic-6629274-0
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a window
Deleting a system file
Running batch commands
Creating a process with a hidden window
DNS request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/456402
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 280592 Sample: c2cRGHNqMD Startdate: 01/09/2020 Architecture: WINDOWS Score: 60 20 Antivirus / Scanner detection for submitted sample 2->20 22 Multi AV Scanner detection for submitted file 2->22 24 Machine Learning detection for sample 2->24 7 c2cRGHNqMD.exe 1 2->7         started        process3 dnsIp4 14 c.75cs.com 7->14 16 b.75cs.com 7->16 18 2 other IPs or domains 7->18 10 cmd.exe 1 7->10         started        process5 process6 12 conhost.exe 10->12         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fe7601a0453d38986ba3417aa4a1a5fb85d68d61eb0521dde25edf9acd311a37/
Threat name:
Win32.Infostealer.OnlineGames
Create hunting rule
Status:
Malicious
First seen:
2020-08-02 12:28:38 UTC
File Type:
PE (Exe)
Extracted files:
102
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
16566bcc907929b1251cf158430a0e336cfd0269be8683d928f820a78703e53d
326767b296e7de3941d974bb9abde500b5b7cbefe4a080ab33e6a5b9a69c3070
561fe3832a5681034418efd005c0f2ebae8b9a54efa6d52761980fe6b3a31337
78d35a3dafd0617427465e820f9b337531df9ff263853e84a7d2e6cfb1a5faa6
aa20d912d276a3e520ffb4eb47f3cf2f6381c96748059116bef76bd5f40ccb30
baea55fa8062fedcbcebf452f6e3989716121b9a91fd6382edae43062013a174
c79f3e70d3993f9da3f7b010f8a1610ee52919191bb29e2359305b1b75f1a6b3
dbbbb154dcc44afd21d46ac69120bac8ac97b51a824830e4abdacc5a2d676178
e435f53674819e736e86f8956be9a87bda220660ff775ed88920455285ab4723
fdb370e507a2dafd896f539be1e63bad7dd1963259606df11208f5e1498e6f20
+ 37 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/200901-p75521xpkj/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Drops file in Drivers directory
Drops file in Drivers directory
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Tinba
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fe7601a0453d38986ba3417aa4a1a5fb85d68d61eb0521dde25edf9acd311a37

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/53918/

Comments