MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0819fa0d5a479b366b9a9c5bdacea003d1294f6be6b21df12e561a0b42a6048e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RecordBreaker
Vendor detections: 4

SHA256 hash: 0819fa0d5a479b366b9a9c5bdacea003d1294f6be6b21df12e561a0b42a6048e
SHA3-384 hash: 1bfc93668c4a41701f55abbc37a59f387d691b36a53ae00a522f4fd83b3986d51d1e9bf8d3b2e22ff3b19a43ac2a3d31
SHA1 hash: b937e01a034ae7404addf9b1b3810d13aba00cbc
MD5 hash: 7d67c2cf1fe784c6db205dc85ae3acb2
humanhash: green-maine-indigo-april
File name: Setup.zip
Signature: RecordBreaker
File size: 7'256'560 bytes
First seen: 2022-10-28 07:53:19 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 196608:ETKfmNMZTXXa8lS766N7wQipU9n0hv9tblqLRnVTM:HfmNMZW7766NIOeFtcW
TLSH: T15A7611AC78B5B91BF9D4437BC6852CB6DB2CA440E7DD3D9B8E2041167C8310F6F6A861
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1)
      20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: JAMESWT_WT
Tags: file-pumped recordbreaker soft-free-space zip

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC                     ThreatFox reference
http://89.208.103.222/  https://threatfox.abuse.ch/ioc/952628/

Intelligence


File Origin
# of uploads: 1
# of downloads: 160
Origin country: n/a
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: Setup.exe
Pumped file: This file is pumped. MalwareBazaar has de-pumped it.
File size: 761'761'280 bytes
SHA256 hash: 4732d1479ea0497a53b02bd395ba8fa889331204d0a8016febac64761ee61197
MD5 hash: 7f3af3ae49e7fc77045cf83d04958636
De-pumped file size: 6'786'560 bytes (vs. original size of 761'761'280 bytes)
De-pumped SHA256 hash: 8a2271a2ae1c7a594cf668a5b0a10e5faba6f7d69ed754171801a9d008f11d5b
De-pumped MD5 hash: 9e3934b3ff5eec5662ec81e26fdfa7da
MIME type: application/x-dosexec
Signature: RecordBreaker
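File pumping inflates an executable with junk padding so that it exceeds the size limits of AV engines and sandboxes; the archive entry above is the usual picture, a 761 MB Setup.exe that shrinks to a 7 MB ZIP (roughly 105:1) and to 6.8 MB once the padding is removed. The Python below is an added example, not MalwareBazaar's de-pumping code, and it assumes the pump is a null-byte overlay appended after the last PE section (how MalwareBazaar actually de-pumps is not stated on this page). It builds a constructed, non-runnable stand-in PE, pumps and zips it, flags the member from the ZIP central directory's size ratio alone, then truncates the overlay using the section table and reports both hashes, which is why the entry records a pumped and a de-pumped SHA256.

```python
"""Triage and de-pump a padded PE delivered in a ZIP archive.

Added example; not MalwareBazaar's code. Assumption: the pump is a null-byte
overlay appended after the last section, which the section table lets us locate
without executing anything.
"""
import hashlib
import io
import struct
import zipfile


def build_fake_pe(code: bytes, hdr_size: int = 0x200) -> bytes:
    """Construct a minimal, non-runnable PE32 image with one section.
    Stand-in for this example only; it is not the entry's Setup.exe."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew: PE header follows the DOS header
    coff = struct.pack("<IHHIIIHH",
                       0x4550,                      # "PE\0\0"
                       0x14C, 1,                    # i386, NumberOfSections = 1
                       0, 0, 0,                     # timestamp, symbol table ptr/count
                       224, 0x102)                  # SizeOfOptionalHeader, Characteristics
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)           # PE32 magic; the rest stays zero
    sect = struct.pack("<8sIIIIIIHHI", b".text\0\0\0",
                       len(code), 0x1000,           # VirtualSize, VirtualAddress
                       len(code), hdr_size,         # SizeOfRawData, PointerToRawData
                       0, 0, 0, 0, 0x60000020)      # relocs/lines, Characteristics
    headers = bytes(dos) + coff + opt + sect
    return headers.ljust(hdr_size, b"\0") + code


def pe_image_end(data: bytes) -> int:
    """Offset just past the last byte the section table accounts for.
    Everything beyond it is overlay, which is where pumping tools append padding."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsect = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    table = pe + 24 + opt_size
    end = table + 40 * nsect                         # never truncate inside the headers
    for i in range(nsect):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return end


def depump(data: bytes) -> tuple[bytes, int]:
    """Return (core, bytes_removed). Only an all-null overlay counts as padding;
    a real overlay (installer payload, SFX data, Authenticode blob) is left alone."""
    end = pe_image_end(data)
    overlay = data[end:]
    if overlay and not overlay.strip(b"\0"):
        return data[:end], len(overlay)
    return data, 0


def build_zip(name: str, data: bytes) -> bytes:
    """Deflate one member into an in-memory ZIP, as the delivery archive would."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()


def pumped_members(zip_bytes: bytes, min_size: int = 64 << 20, min_ratio: float = 20.0):
    """Triage from the central directory alone, before extracting anything: a member
    that is huge uncompressed yet shrinks by >= min_ratio is padded with something
    highly compressible. Thresholds are assumptions; tune them for your environment."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.compress_size and info.file_size >= min_size:
                ratio = info.file_size / info.compress_size
                if ratio >= min_ratio:
                    hits.append((info.filename, info.file_size, info.compress_size))
    return hits


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample: a fake PE pumped with 8 MiB of nulls and zipped as "Setup.exe".
CODE = b"\xCC" * 0x100 + b"This program cannot be run in DOS mode."
CORE = build_fake_pe(CODE)
PAD = 8 << 20
PUMPED = CORE + b"\0" * PAD
ARCHIVE = build_zip("Setup.exe", PUMPED)

if __name__ == "__main__":
    for name, size, csize in pumped_members(ARCHIVE, min_size=1 << 20):
        print(f"{name}: {size} bytes, {csize} compressed, ratio {size / csize:.0f}:1")
    core, removed = depump(PUMPED)
    print(f"pumped    {len(PUMPED):>10} {sha256(PUMPED)}")
    print(f"de-pumped {len(core):>10} {sha256(core)}  (removed {removed} null bytes)")
```

Keep both hashes: the pumped SHA256 is what lands on disk and what a host-based hash match will see, while the de-pumped hash is the stable one for correlating submissions that differ only in padding length. Two caveats: a pumper that appends random bytes defeats both the compression-ratio check and the null-overlay test, and truncating a file that carries a legitimate overlay would change it, which is why `depump` leaves any non-null overlay in place.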
Vendor Threat Intelligence
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2022-10-28 08:36:26 UTC
File Type: Binary (Archive)
Extracted files: 16
AV detection: 6 of 42 (14.29%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: discovery spyware stealer

Behaviour
Suspicious behavior: EnumeratesProcesses
Enumerates physical storage devices
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Loads dropped DLL
Reads user/profile data of web browsers
Downloads MZ/PE file
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments