MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 12b10654f5c1372ce656c951448a75f72d25c28cda867c7fa1daf4d81760759b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Adware.Techsnab


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 12b10654f5c1372ce656c951448a75f72d25c28cda867c7fa1daf4d81760759b
SHA3-384 hash: 3ce7412f6395cd74177a30628406e11fbace71f916a03397bb8d40da4dd2fe87eb0c8c346622d395cb6520f3dce7f6f5
SHA1 hash: 6e68b52b6155efdd63b02914b672c689ce5c4ceb
MD5 hash: c82fa54ea87c77df522b4f7acd0f864a
humanhash: thirteen-indigo-bluebird-solar
File name:c82fa54ea87c77df522b4f7acd0f864a
Download: download sample
Signature Adware.Techsnab
Create hunting rule
File size:2'529'280 bytes
First seen:2022-11-26 19:27:29 UTC
Last seen:2022-11-26 21:30:34 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 67d2f49347a4198e24857bc1860e0897 (1 x Adware.Techsnab)
ssdeep 49152:ExHZLf07ypvu3LkxlMkevAQOhq1UBGofNTVm2hg82wB7EGf6t6+FLekMkN69n:wHFBu4qkevA3hnBrlRDgIB7XfuFLegN
Threatray 1'053 similar samples on MalwareBazaar
TLSH T129C533DE505A87E5F0E8F679731A2B444FA835788399185BEB2FE24190366C1F77320B
TrID 64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12)
25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6)
4.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.8% (.EXE) OS/2 Executable (generic) (2029/13)
1.8% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter zbetcheckin
Tags:Adware.Techsnab exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
221
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
c82fa54ea87c77df522b4f7acd0f864a
Verdict:
No threats detected
Analysis date:
2022-11-26 19:33:32 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/c22dcfe2-c3b5-4db5-a547-68041f72ea2c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/338850/
Detection(s):
SecuriteInfo.com.Gen.Variant.Lazy.255988.28406.15581.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Using the Windows Management Instrumentation requests
Changing a file
Moving of the original file
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug packed shell32.dll
Link:
https://www.filescan.io/uploads/638268c200c584752ee20302/reports/1350da94-f273-48fb-8bf3-c44998859aad/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/67f39fb1-2a01-4b02-b8d9-90f7f5fc54a6
Result
Threat name:
Luca Stealer
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/1121688
Signature
Deletes itself after installation
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Queries temperature or sensor information (via WMI often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected Luca Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/12b10654f5c1372ce656c951448a75f72d25c28cda867c7fa1daf4d81760759b/
Threat name:
Win64.Infostealer.ClipBanker
Create hunting rule
Status:
Malicious
First seen:
2022-11-26 19:28:20 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
15 of 24 (62.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ckyqmvhvye3szzswzfiujctv64wslqum3kdhy75b3l2nqf3aownq._file
Verdict:
malicious
Similar samples:
06dbbdd3df2de3fba52f72cbac4c5d1e06f794de90a29fa7ea2f449e3a4fc37d
Adware.Techsnab
1baf63a128c8adbb4598a456ddcb81b33042e06f9cdb99e51448643b6f88cc6d
Adware.Techsnab
24cf5566094b9c99b75303995b503b3285531d1313658f318a931424c9ef46d3
Adware.Techsnab
3d50fb7a6d59a7b4a4779f5d4b804442133038d5b9afe845b3aad5f2631d2437
Adware.Techsnab
65ccbd63fbe96ea8830396c575926af476c06352bb88f9c22f90de7bb85366a3
Adware.Techsnab
6aa5078347357a441ef4427f92696b1d87bca4602c34ce794dbb051463e137f1
Adware.Techsnab
c275c00ed3831518a88e99ffae3737126da1dd4ef018028850e9b742263e98d9
Adware.Techsnab
c47c10545767892ba8fdaa1ba682295251016938318d807fe40736e5ae832322
Adware.Techsnab
f563d62dbc6bcf5f8c0f977bcd3bc66d39ee43cc5abdd63d3de105755dab3f91
Adware.Techsnab
+ 1'043 additional samples on MalwareBazaar
Result
Malware family:
lucastealer
Create hunting rule
Score:
  10/10
Tags:
family:lucastealer spyware stealer upx
Link:
https://tria.ge/reports/221126-x6mxkshd49/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: RenamesItself
Suspicious use of AdjustPrivilegeToken
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Deletes itself
Reads user/profile data of web browsers
UPX packed file
Luca Stealer
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/5cc15d27-ec46-438c-a0b4-aad54e827222
Unpacked files
SH256 hash:
44acd743e143fd1397507650fd7cc190181e86586887eab5bf22cf12a1760248
MD5 hash:
d5af98820fce6e5d43556ac13d0027ba
SHA1 hash:
aacb7f92ddfa1dc0906491e87be8651fc13a164b
Link:
https://www.unpac.me/results/99f73611-9c80-4ea1-a2b7-d501e608d6fb/
SH256 hash:
12b10654f5c1372ce656c951448a75f72d25c28cda867c7fa1daf4d81760759b
MD5 hash:
c82fa54ea87c77df522b4f7acd0f864a
SHA1 hash:
6e68b52b6155efdd63b02914b672c689ce5c4ceb
Link:
https://www.unpac.me/results/99f73611-9c80-4ea1-a2b7-d501e608d6fb/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/12b10654f5c1/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.15
Link:
https://yomi.yoroi.company/submissions/12b10654f5c1372ce656c951448a75f72d25c28cda867c7fa1daf4d81760759b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Adware.Techsnab

Executable exe 12b10654f5c1372ce656c951448a75f72d25c28cda867c7fa1daf4d81760759b

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2434025/
Cape
Cape
https://www.capesandbox.com/analysis/338850/

Comments


Avatar
zbet commented on 2022-11-26 19:27:35 UTC

url : hxxp://77.73.133.113/lego/software.exe