MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a691a5ed595c40c6dea8ea3fec94961fd8522e047a4d85bb6b8adf1152560cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	0a691a5ed595c40c6dea8ea3fec94961fd8522e047a4d85bb6b8adf1152560cf
SHA3-384 hash:	39e9518c805c61be3fccddf0b6e3ea6ec45dd5e74675e43160820dbcff2ca457597432529a799d5523163b76f5331cc2
SHA1 hash:	93f3052b9dd0798341f7b3f619840c11cddd9c27
MD5 hash:	1a170e8fa48dc79855f2d5c5a98495aa
humanhash:	pip-quebec-ten-sodium
File name:	file
Download:	download sample
File size:	2'537'472 bytes
First seen:	2023-01-27 12:49:14 UTC
Last seen:	2023-01-28 20:05:46 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep	49152:T6pZ5QWKwjFhNsMKya2r2/Gflh7x5JigKVD89tjxTXb:e2WKwGMKCx5zbPtTX
Threatray	253 similar samples on MalwareBazaar
TLSH	T180C533D14BB516F8F6A2D237A04319B5B0015DC7628ECE87633503E9EFEA6FAD41422D
TrID	63.5% (.EXE) UPX compressed Win64 Executable (70117/5/12) 24.5% (.EXE) UPX compressed Win32 Executable (27066/9/6) 4.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.8% (.ICL) Windows Icons Library (generic) (2059/9) 1.8% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter	andretavare5
Tags:	exe

andretavare5

Sample downloaded from https://vk.com/doc712319849_660592657?hash=qAYz4kSQNmIDz7JQORwwxTzWRpwe3xBISg8gaY8WKmX&dl=G4YTEMZRHE4DIOI:1674823201:v3v34hydkjy79A7HKiTU5lqKTV8HGaBEK0PaZn4zKsP&api=1&no_preview=1#sc142

Intelligence

File Origin

# of uploads :

# of downloads :

197

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

file

Verdict:

Malicious activity

Analysis date:

2023-01-27 12:51:42 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/05b6f813-bafa-4da1-b383-54c9526839d4

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/357390/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Sending a custom TCP request

Verdict:

No Threat

Threat level:

2/10

Confidence:

100%

Tags:

anti-debug packed

Link:

https://www.filescan.io/uploads/63d3c87b447edb203a016ed9/reports/14cb5d55-3b66-44bc-9f3c-423fe598d546/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/fc048818-58b1-4c4a-92c8-9bfea6997d6b

Result

Threat name:

Unknown

Detection:

malicious

Classification:

spyw

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1160202

Signature

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Tries to harvest and steal browser information (history, passwords, etc)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0a691a5ed595c40c6dea8ea3fec94961fd8522e047a4d85bb6b8adf1152560cf/

Threat name:

Win64.Trojan.Generic

Status:

Suspicious

First seen:

2023-01-27 12:50:08 UTC

File Type:

PE+ (Exe)

AV detection:

10 of 39 (25.64%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=bjuruxwvsxcay3pkr2r75skjmh6ykixai6snqw5wxcw7cfjfmdhq._file

Verdict:

malicious

12567de24a8dbc6c0103aa263217ad240098d7545e32546f35fd5b791b1869fa

2e205ecc398903361efb69b5790716a47b76301e7b8ad3be506fbde96ee6ffe7

7f305167fdb6ae8a3781cd257ddef222ee6803f44115d2e1a133f7da67d4eaa0

88dbf134cd4628fc8b97cc1adf5201cae875df1fa5280b3cbc0306478161e9f4

90e7c78ca1612b6f6e0f2c25e00e4c73e9df86936a243a03a488a3b155334eea

b25c916108e990357c009d88c075fda55419b5a13da0a3b2dc5643b607bb6b0e

ceb3007d4015dd96043315cd91f6c4ff82da1b206921311c8833d76947e92702

f90220b98550878f3056c732d437bae3026e4d7c7aa9bb733dbaa9c748cb80e7

+ 243 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

spyware stealer upx

Link:

https://tria.ge/reports/230127-p2xl8acb71/

Behaviour

Suspicious use of WriteProcessMemory

Deletes itself

Reads user/profile data of web browsers

UPX packed file

Unpacked files

SH256 hash:

46f3de770cf0569e96a77bac2281d10e85e84203aefd187791b216e0297bc2d4

MD5 hash:

9532dc9f223a11cb3145b7e3794d7e19

SHA1 hash:

b3c1167f5e89730b00ed22634937fa19bdfd5592

Link:

https://www.unpac.me/results/dda72e59-f455-4c7e-a7ca-7197696bb173/

SH256 hash:

0a691a5ed595c40c6dea8ea3fec94961fd8522e047a4d85bb6b8adf1152560cf

MD5 hash:

1a170e8fa48dc79855f2d5c5a98495aa

SHA1 hash:

93f3052b9dd0798341f7b3f619840c11cddd9c27

Link:

https://www.unpac.me/results/dda72e59-f455-4c7e-a7ca-7197696bb173/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/0a691a5ed595c40c6dea8ea3fec94961fd8522e047a4d85bb6b8adf1152560cf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by

PrivateLoader

Delivery method

Distributed via drive-by

Cape

https://www.capesandbox.com/analysis/357390/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample