MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 12f29ea6403f9c16a3f498d36eee4263465176c88e0b9f7a7e70e00a7b175bff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 12f29ea6403f9c16a3f498d36eee4263465176c88e0b9f7a7e70e00a7b175bff
SHA3-384 hash: 0ba083355066d4f4634f0e8b3aa8dd35c3f0d8be42737de80f1831f5f6dc7b5d6e3621ff78b83ec721872ca75da66c97
SHA1 hash: 390025bf551ef736230a8a2cb4a27cf1d2b9b238
MD5 hash: 895e2eda726065f323f3723a2d1d8c23
humanhash: crazy-rugby-sixteen-connecticut
File name:st.exe
Download: download sample
File size:130'560 bytes
First seen:2024-01-20 22:05:50 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 222b0d7a8bd4329236ba7c2dbfdec698
ssdeep 3072:JXfeX7/A1ZLn9oxFvfZo+s5trGjq/MLeU/fMr:8/2ZLnm3vfZo+u9GjsMKUc
TLSH T10FD3AE1929AD138ECA2D25B3E26BB9B4F1CE55810BBE4339D41E87703DB02975FA444F
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter rmceoin
Tags:exe


Avatar
rmceoin
Delivered by email phish

Intelligence

File Origin
# of uploads :
1
# of downloads :
341
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
baed6c4e0b11bf4da65b82ee030c3b6a4df4d520e1e3f804c26fb8f8ea3e61fc.js
Verdict:
Malicious activity
Analysis date:
2024-01-20 22:07:31 UTC
Tags:
stealer
Link:
https://app.any.run/tasks/ca76abd4-6928-4ffa-937c-d870bac45b22

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/471932/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Sending an HTTP POST request
Creating a file in the %temp% directory
Launching the default Windows debugger (dwwin.exe)
Forced shutdown of a browser
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug packed
Link:
https://www.filescan.io/uploads/65ac43cc68f6c896b6d3dbeb/reports/0785801e-adfe-4d66-8c01-00fdfc29b0ef/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/12f29ea6403f9c16a3f498d36eee4263465176c88e0b9f7a7e70e00a7b175bff
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/3859c782-d8be-47e7-83d5-b3be57799d32
Result
Threat name:
n/a
Detection:
malicious
Classification:
troj.spyw.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1378091
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Opens the same file many times (likely Sandbox evasion)
Tries to harvest and steal browser information (history, passwords, etc)
Uses known network protocols on non-standard ports
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/12f29ea6403f9c16a3f498d36eee4263465176c88e0b9f7a7e70e00a7b175bff
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/12f29ea6403f9c16a3f498d36eee4263465176c88e0b9f7a7e70e00a7b175bff/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=clzj5jsah6obni7utdjw53scmndfc5wiryfz66t6odqau6yxlp7q._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware stealer
Link:
https://tria.ge/reports/240120-1z2zpshdfm/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
f1db33454fd8f569a83802686d4d6d025c8b572f05769c15d898bd413a738537
MD5 hash:
4b4ef89414151c082bb68f7e9bfcdbe0
SHA1 hash:
dcc5a0582bb8a1e6c709788246c2a6763c181b4c
Link:
https://www.unpac.me/results/bd412948-30e6-4789-a294-74fc45187e4e/
SH256 hash:
12f29ea6403f9c16a3f498d36eee4263465176c88e0b9f7a7e70e00a7b175bff
MD5 hash:
895e2eda726065f323f3723a2d1d8c23
SHA1 hash:
390025bf551ef736230a8a2cb4a27cf1d2b9b238
Link:
https://www.unpac.me/results/bd412948-30e6-4789-a294-74fc45187e4e/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/12f29ea6403f/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/12f29ea6403f9c16a3f498d36eee4263465176c88e0b9f7a7e70e00a7b175bff

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Java Script (JS) js baed6c4e0b11bf4da65b82ee030c3b6a4df4d520e1e3f804c26fb8f8ea3e61fc

Executable exe 12f29ea6403f9c16a3f498d36eee4263465176c88e0b9f7a7e70e00a7b175bff

(this sample)

  
Dropped by
SHA256 baed6c4e0b11bf4da65b82ee030c3b6a4df4d520e1e3f804c26fb8f8ea3e61fc
Cape
Cape
https://www.capesandbox.com/analysis/471932/
  
Dropped by
MD5 c44f93ca9983d376b491259787874930

Comments