MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 093b41e7ab70e8ae0c8fd76032d9399764583bb820cbfbc39048cb3a6a7822d9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 093b41e7ab70e8ae0c8fd76032d9399764583bb820cbfbc39048cb3a6a7822d9
SHA3-384 hash: dd386e288e6be7a1545d40a78938b02b6369afc4cf20a91d2aecc7be8a2a53f425c8b38f3a589574308a42ad5d8feabb
SHA1 hash: c235b3b09c2c32983ae84a650ac94f7c4471a5ee
MD5 hash: 5eec1efdb95a96916f96b6c40c7225d2
humanhash: arkansas-kilo-juliet-saturn
File name:5eec1efdb95a96916f96b6c40c7225d2
Download: download sample
File size:1'252'864 bytes
First seen:2022-07-29 06:10:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1e33718404ffbe0d91b536c10bf053f8 (80 x RedLineStealer, 7 x RecordBreaker, 4 x N-W0rm)
ssdeep 24576:FNvy7BkuF9e1+ox4FYFYURSzB+KM65hd6gaxDjQKTtLOwc787y8alO:F4t3F9C+oan2Gutzr7y8alO
Threatray 165 similar samples on MalwareBazaar
TLSH T154455D29E70615B8D76357B2819EFA7B9B147A248032AE3FFF4BDA0CB4331127C85156
TrID 44.6% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
23.6% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
9.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.4% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
242
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
https://mega.nz/file/OKwjhZiZ#833J8cSXaUW5lx99JtfYDSkvkssRmlPR-bjcQeeKsMw
Verdict:
Malicious activity
Analysis date:
2022-07-29 03:02:30 UTC
Tags:
trojan loader evasion
Link:
https://app.any.run/tasks/2f4b9ee6-d28b-413b-bd20-0e2478185082

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/295024/
Detection(s):
Win.Trojan.Fragtor-9955199-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/27718/overview
Behaviour
MalwareBazaar
MeasuringTime
SystemUptime
EvasionGetTickCount
EvasionQueryPerformanceCounter
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/04049c6c-00a5-4b0d-aab0-cc6c0bff1e8c
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1042897
Signature
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/093b41e7ab70e8ae0c8fd76032d9399764583bb820cbfbc39048cb3a6a7822d9/
Threat name:
Win32.Spyware.Convagent
Create hunting rule
Status:
Malicious
First seen:
2022-07-29 06:11:07 UTC
File Type:
PE (Exe)
AV detection:
22 of 26 (84.62%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=be5udz5loduk4dep25qdfwjzs5sfqo5yedf7xq4qjdftu2tyelmq._file
Verdict:
malicious
Similar samples:
1884157c40c3b403fb72cbf146d6efc48e58fa23dc43584bd82a40d2b8f01a7c
26b026ec1b7075e871d3935fa044dcd51304d261c9f57d9d0c40ae716a0c2c63
46020ac8411350b4ba1817d4ca2ca15d4cfdd06fd4b2a3c6cb42515cec2765a1
460d5aa48b9a922f9b8789e0b3373d861b54ec304a900468e2af3721d3d549eb
5b3273f09ad5782f7a310f93799361caa312624ab75e7a09c445af4422ce467a
7d85c6c8abf4c9f2fa6c4528991979d5cbedefc73ec3ce83c04a4839b50c9555
bf7050e71da2ed976d1298a9732c78aeba04db079848da295b4ed0ec0cac4e35
e1cb5853335ddce9913c64d88415c6f40197a5dcd0c4d085cc1f1a650959bc66
f29f9ffb56dc42e465f4b30e98fc7649c32779af7a999b3a2e28391cfc28bc0b
ffbb61bc22bccc9beca98a3abba5da12188b94035709649c4f7112d07ce4ced2
+ 155 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/220729-gxk4maegf3/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Unpacked files
SH256 hash:
b6a33fa63d7911bc6dbba63bc92f9d103847098631a7cbb58c2dc4099a7faaeb
MD5 hash:
40f1600ee85c5d60c395d828ed586939
SHA1 hash:
bb3e2d9e250f9ad51258616169601bbc1fca6e84
Link:
https://www.unpac.me/results/a57d483e-21c6-4639-b1bc-eec93c53b442/
SH256 hash:
093b41e7ab70e8ae0c8fd76032d9399764583bb820cbfbc39048cb3a6a7822d9
MD5 hash:
5eec1efdb95a96916f96b6c40c7225d2
SHA1 hash:
c235b3b09c2c32983ae84a650ac94f7c4471a5ee
Link:
https://www.unpac.me/results/a57d483e-21c6-4639-b1bc-eec93c53b442/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/093b41e7ab70/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 093b41e7ab70e8ae0c8fd76032d9399764583bb820cbfbc39048cb3a6a7822d9

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2262445/
Cape
Cape
https://www.capesandbox.com/analysis/295024/

Comments


Avatar
zbet commented on 2022-07-29 06:10:35 UTC

url : hxxp://a0697406.xsph.ru/file.exe