MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c6f9dec659511f2ace4fe92609ca22e9903373c7348b1c9a2fdc84158c2555b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0c6f9dec659511f2ace4fe92609ca22e9903373c7348b1c9a2fdc84158c2555b
SHA3-384 hash: 84bf32399d8b95a74a66705c002401b11ef4961f911bde2b0600c3057a75c61240806ffd0281d503860e39e4f033c7e0
SHA1 hash: b49824d36620364079d538b8121badc45c01aef5
MD5 hash: a4b08f74a3792e231e19d4373b3ed4eb
humanhash: alabama-glucose-spring-fanta
File name:a4b08f74a3792e231e19d4373b3ed4eb.exe
Download: download sample
File size:9'863'257 bytes
First seen:2022-06-22 14:51:34 UTC
Last seen:2022-06-22 15:57:07 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 12e12319f1029ec4f8fcbed7e82df162 (389 x DCRat, 52 x RedLineStealer, 51 x Formbook)
ssdeep 196608:AztkPsTo5Mr2vh4xaBeMDDs2HwnaZbJleUVxVfxFis2/+zxE8FDZHuv5s0:A6coWLUBe0zwnKt3vVfxFiF+bruvi0
Threatray 1'331 similar samples on MalwareBazaar
TLSH T13CA633036AC062B3D9323C375A89572154B93F55BBB5CADF7370790CE8A49C1DA307AA
TrID 89.0% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39)
3.5% (.EXE) Win64 Executable (generic) (10523/12/4)
2.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
1.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.5% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
227
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/282330/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware2.13087.10025.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a window
Сreating synchronization primitives
Searching for synchronization primitives
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/22335/overview
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-vm greyware overlay packed setupapi.dll shdocvw.dll shell32.dll
Link:
https://www.filescan.io/uploads/62b32ca062d792dc573cadc5/reports/46a5a8bb-95cf-4262-824f-3a02c4006887/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/00734253-44dc-4f8c-b01b-1f60948ca3fe
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1018001
Signature
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0c6f9dec659511f2ace4fe92609ca22e9903373c7348b1c9a2fdc84158c2555b/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=brxz33dfsui7flhe72jgbhfcf2mqgnz4oneldsnc7xeecwgckvnq._file
Verdict:
malicious
Similar samples:
0b44f1065f98dc2bde51bae5585152a276dd1f19573482589222cf24fc301c97
42dfb850de18b7ffd7d64b1b89936f0b257b1c4b739d704bdf406c3bbe0ca83a
731adf2e11160b6cf67dc393dfd47d89f9e80b74e8754050a53b6ca51323517d
7f9ffa637f4e13d1919bea687ac61c2263dfc762ee6bc95bdf6b5ccc4b7e8b8a
988fcf62c41a39cc6a59697c65be84119b52e7b73365064250fe1746b8f88b2b
aa107f5e13a95804d5175acac905b539a676f71f582e5ca512dea9f8382f294e
e10a201d8b7cb09109715199c099ef24618f50fe09d3c1c6e7abbab79a59d94b
+ 1'321 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220622-r8p7tsbhd7/
Behaviour
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
388f403d75c22c29cbcf0eac6096f62124225abd115a8449cd00fb316e895074
MD5 hash:
e20f397ada9b61650a5aa06153141177
SHA1 hash:
a285383ab5618110478b5fcf5434710be96a6776
Link:
https://www.unpac.me/results/676207e0-b764-482b-9942-d6a7ec8753ed/
SH256 hash:
0c6f9dec659511f2ace4fe92609ca22e9903373c7348b1c9a2fdc84158c2555b
MD5 hash:
a4b08f74a3792e231e19d4373b3ed4eb
SHA1 hash:
b49824d36620364079d538b8121badc45c01aef5
Link:
https://www.unpac.me/results/676207e0-b764-482b-9942-d6a7ec8753ed/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0c6f9dec659511f2ace4fe92609ca22e9903373c7348b1c9a2fdc84158c2555b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pdb_YARAify
Create hunting rule
Author:@wowabiy314
Description:PDB

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 0c6f9dec659511f2ace4fe92609ca22e9903373c7348b1c9a2fdc84158c2555b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2247294/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/282330/

Comments