MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 11a7b5537ad0eebf531ae247203c2d8646f1bbcfcb95b195efa385429c4e2241. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 11a7b5537ad0eebf531ae247203c2d8646f1bbcfcb95b195efa385429c4e2241
SHA3-384 hash: 02dea658869345cfa3432e7c490dc3dfde89e88eefaf0cea84ea562e1f38196594add21ca8aa79ce03f12c5c852678cd
SHA1 hash: f76f93864988693f184b2b77d39ffab47003d136
MD5 hash: d41a43fa0789b7dcc1a261e9c3632519
humanhash: papa-hawaii-river-edward
File name:d41a43fa0789b7dcc1a261e9c3632519
Download: download sample
File size:1'698'110 bytes
First seen:2022-07-14 04:37:15 UTC
Last seen:2022-07-15 03:30:16 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e569e6f445d32ba23766ad67d1e3787f (262 x Adware.Generic, 41 x RecordBreaker, 24 x RedLineStealer)
ssdeep 24576:q7FUDowAyrTVE3U5Fls3fzLFIy/gCutN9ZtX4yd/8ojOQvMT8xzJesjSJ6:qBuZrEUQdJ/FuD94yd0eMQhE6
Threatray 289 similar samples on MalwareBazaar
TLSH T1A075BF3FB268753ED5AE4B3245739360997BBA61B81B8C1E07F0084DCF664701E3BA56
TrID 59.6% (.EXE) Inno Setup installer (109740/4/30)
22.5% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
5.7% (.EXE) Win64 Executable (generic) (10523/12/4)
3.5% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
2.4% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 0000000000000000 (872 x AgentTesla, 496 x Formbook, 296 x RedLineStealer)
Reporter openctibr
Tags:exe OpenCTI.BR Sandboxed

Intelligence

File Origin
# of uploads :
2
# of downloads :
136
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/287986/
Detection(s):
PUA.Win.Packer.Exe-6
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Searching for synchronization primitives
Searching for the window
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
overlay packed setupapi.dll shell32.dll
Link:
https://www.filescan.io/uploads/62cf9de83ec0b06899784fe6/reports/85d66bbd-c5e7-4e73-89f5-18c001f42e99/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/38e89e02-ebea-4e08-becd-0f746217aeb0
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1032043
Signature
Antivirus detection for dropped file
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for dropped file
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Obfuscated command line found
Performs DNS queries to domains with low reputation
Yara detected Generic Downloader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/11a7b5537ad0eebf531ae247203c2d8646f1bbcfcb95b195efa385429c4e2241/
Threat name:
Win32.Adware.DealPly
Create hunting rule
Status:
Malicious
First seen:
2022-06-18 05:18:54 UTC
File Type:
PE (Exe)
AV detection:
21 of 26 (80.77%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cgt3ku322dxl6uy24jdsapbnqzdpdo6pzok3dfppuocufhcoejaq._file
Verdict:
malicious
Similar samples:
3a1625ebc4e9afe5205ccaac0a98723523d8e222181a76eea8f6e5402960a28f
445ab3421fbfb7786ee2e2d8f5e09d919ce27392da08f35bbad07de05aed43c2
945cf884b485a56b317e46a583cf8c54e144143daa82d20362e11fbfb89dfe66
b384f43a2818ff05307d3559f82e00c33efc45b86ffbb1efe5c2d15716ce6b6c
bb844107525558a6598d2d6173dfd555bb0b6cc03d74131125d606afd0c84a4a
da362dff8b39c6b4b92387f48f5beb91ce55dbdf8bfe6a6ec7b5e6f1aa269010
db4d9628d02ae5e9812156655106fddf94c4f09b2702fea9601596c97b9fdae6
f7c1aa4164f0c17980bba13ab571ef20deaf60a3444266b7436f8de6bdace5be
fafaa07d26fc1017ada9e6fa48663712b448d569b8c8c499f19e16c6031fcfc7
+ 279 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220714-e81bksgge8/
Behaviour
Suspicious use of WriteProcessMemory
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
7b2c0943e4b470e1a54d4288cae90544f7af1035d6f00a3b9f5c59fef8eb4f6d
MD5 hash:
e574dd657b8c05dc5fc1053ada41dffa
SHA1 hash:
c69cc93ed7880e0298532e043e28af42f310e0b6
Link:
https://www.unpac.me/results/f2d7c86f-ae25-421b-ba5d-247526b8a327/
SH256 hash:
18f25fab4afeac3f015294766e801d23d8e1260f39a26cedb0d264c506a6a29c
MD5 hash:
4c8d871cb00eb42ff63b38dd572e78ce
SHA1 hash:
21c124959d471db8fa33b6ffbbd39325bc67a11f
Link:
https://www.unpac.me/results/f2d7c86f-ae25-421b-ba5d-247526b8a327/
SH256 hash:
11a7b5537ad0eebf531ae247203c2d8646f1bbcfcb95b195efa385429c4e2241
MD5 hash:
d41a43fa0789b7dcc1a261e9c3632519
SHA1 hash:
f76f93864988693f184b2b77d39ffab47003d136
Link:
https://www.unpac.me/results/f2d7c86f-ae25-421b-ba5d-247526b8a327/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/11a7b5537ad0eebf531ae247203c2d8646f1bbcfcb95b195efa385429c4e2241

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 11a7b5537ad0eebf531ae247203c2d8646f1bbcfcb95b195efa385429c4e2241

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2241990/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/287986/

Comments