MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 12d6e48b5774cf84b7aef916405078219b10924c0527692f4c235799c533d390. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	12d6e48b5774cf84b7aef916405078219b10924c0527692f4c235799c533d390
SHA3-384 hash:	e6dd6b2fbd4ad9e27d7d8d098c71b3d4458d49938ab0c300d2feb3aa3e89bc424d35d4698484013bc0145eed8316b59b
SHA1 hash:	263dd3f1390afcb9151383ecfd415eca3ff2d197
MD5 hash:	ba4be7f719bf64b702ecb4fb5b87e9fb
humanhash:	seventeen-salami-delaware-berlin
File name:	ba4be7f719bf64b702ecb4fb5b87e9fb.exe
Download:	download sample
File size:	4'510'208 bytes
First seen:	2023-03-19 15:58:52 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep	98304:ru7HMEGcgQWBmi0mcYv+yPcdsNibHARcU78gdXV/xzJ:NcgN0mHv+yESNiLPU788v
Threatray	980 similar samples on MalwareBazaar
TLSH	T1C02633480279A4E8E02BBDB619EDD1B6590077D756FBB583E34B3F90B6043B1D8B43A4
TrID	63.5% (.EXE) UPX compressed Win64 Executable (70117/5/12) 24.5% (.EXE) UPX compressed Win32 Executable (27066/9/6) 4.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.8% (.ICL) Windows Icons Library (generic) (2059/9) 1.8% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter	abuse_ch
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

227

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

ba4be7f719bf64b702ecb4fb5b87e9fb.exe

Verdict:

Malicious activity

Analysis date:

2023-03-19 16:09:23 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/4f69ef54-6d5f-456f-8efe-f070f966edef

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/375719/

Result

Verdict:

Malware

Maliciousness:

Behaviour

Reading critical registry keys

Running batch commands

Launching a process

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug packed

Link:

https://www.filescan.io/uploads/6417314dc60b3295f52be87b/reports/90ceb53e-8eae-4fce-b8bd-0a34e77e413d/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_60%

Link:

https://www.hybrid-analysis.com/sample/12d6e48b5774cf84b7aef916405078219b10924c0527692f4c235799c533d390

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/5ec6f26d-b962-4e34-b0e4-6ab837c88ecc

Result

Threat name:

Unknown

Detection:

malicious

Classification:

spyw

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1197154

Signature

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Tries to harvest and steal browser information (history, passwords, etc)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/12d6e48b5774cf84b7aef916405078219b10924c0527692f4c235799c533d390/

Threat name:

Win64.Trojan.Casdet

Status:

Malicious

First seen:

2023-03-19 15:59:14 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

15 of 24 (62.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=cllojc2xothyjn5o7eleaudyegnrbesmautwsl2menlztrjt2oia._file

Verdict:

unknown

12de04133def8f1652bbf2aaac8454d76141f5115e9e6d9131dcb2ffbdbee66e

2e085282467ab80f8064d2557f4afea9a82ba68e52ccd6f6f4c75e0f81dd0b30

5d101b2efae1e9390ac98e014a05d54338ec45cd73ff5dd70842877910f7b758

6000a66320ec04d7738f80e43085649f1c47bd12a2852e825e71876ec4567c07

6f8f904598a1dd49277595855a35602aeecc1ce6471dcc949def88f27199388e

7c5f6eb2a7eafa8c6891486bb1af755cc64e087c67945ab51bada4f4fcaea2ed

b6e4d99871249faefd2ed9dab5dd045d3d9ea13b4608262588eb157ddc312a68

d6618f430c04b203394c7887803a2171402efa31427c0835e24c9dec935bf79c

eb8302fbd0a3eda7620c0af1728a5d151afe1648d07525862c3701fc34c36d63

+ 970 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

spyware stealer upx

Link:

https://tria.ge/reports/230319-te38pshb22/

Behaviour

Suspicious use of WriteProcessMemory

Reads user/profile data of web browsers

UPX packed file

Unpacked files

SH256 hash:

3087ae352aa6a7d77f0cf74648a7e7d11919b432bcc5a65c761cb840a7c07fe3

MD5 hash:

33f3c60102eef7856e02540c81924449

SHA1 hash:

60a47706189d79608830f1e81965a4476d62a442

Link:

https://www.unpac.me/results/afe71f07-1d22-466c-ba96-7153b6ce67c7/

SH256 hash:

12d6e48b5774cf84b7aef916405078219b10924c0527692f4c235799c533d390

MD5 hash:

ba4be7f719bf64b702ecb4fb5b87e9fb

SHA1 hash:

263dd3f1390afcb9151383ecfd415eca3ff2d197

Link:

https://www.unpac.me/results/afe71f07-1d22-466c-ba96-7153b6ce67c7/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/12d6e48b5774cf84b7aef916405078219b10924c0527692f4c235799c533d390

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 12d6e48b5774cf84b7aef916405078219b10924c0527692f4c235799c533d390

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2563428/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/375719/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample