MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 01aa5a74d5069ad0023efb9ef27f181d6c268842111250254b5b812f4f93a678. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 01aa5a74d5069ad0023efb9ef27f181d6c268842111250254b5b812f4f93a678
SHA3-384 hash: 7f725232cab18363441d1c0d08ad61c213281a3ca17b1c30c45cc151cf743726e9d0b178ea0b4bb4025dfd70abf918df
SHA1 hash: f75b4b2bf614ed2f0501aed1cfbbfca233ac8d97
MD5 hash: 6e78dad20d90bcabce5a4a31e6234673
humanhash: burger-speaker-winner-romeo
File name:6e78dad20d90bcabce5a4a31e6234673.exe
Download: download sample
File size:1'772'147 bytes
First seen:2021-02-25 10:41:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 646167cce332c1c252cdcb1839e0cf48 (8'473 x RedLineStealer, 4'851 x Amadey, 290 x Smoke Loader)
ssdeep 49152:HVaYcEUtO1glcSTqcnFFbc29XpAEqKCiGGu:6EUtaO/FFHeExVu
TLSH 52853352B2ED4873E95067F41CAB42031A313EB0CE289B635255C66E8CB17CAD5FAF1D
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
96
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
6e78dad20d90bcabce5a4a31e6234673.exe
Verdict:
No threats detected
Analysis date:
2021-02-25 10:45:35 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/e01a2d2a-2f5a-4816-8f2d-3d41a93ee6ae

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/119194/
Detection(s):
SecuriteInfo.com.Trojan.Agent.EAOQ.26295.2066.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/618590
Signature
Binary contains a suspicious time stamp
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/01aa5a74d5069ad0023efb9ef27f181d6c268842111250254b5b812f4f93a678/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-02-25 10:42:14 UTC
AV detection:
9 of 29 (31.03%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210225-cq5ntzk5l2/
Unpacked files
SH256 hash:
01aa5a74d5069ad0023efb9ef27f181d6c268842111250254b5b812f4f93a678
MD5 hash:
6e78dad20d90bcabce5a4a31e6234673
SHA1 hash:
f75b4b2bf614ed2f0501aed1cfbbfca233ac8d97
Link:
https://www.unpac.me/results/724a7de8-26b4-45ff-b6a6-09ce6737f9d8/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFu
Create hunting rule
Author:ditekSHen
Description:Detect executables with stomped PE compilation timestamp that is greater than local current time

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 01aa5a74d5069ad0023efb9ef27f181d6c268842111250254b5b812f4f93a678

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1000821/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/119194/

Comments