MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15eac293fb910e2246ebe6785764d55bfca1b75b63e10e3f392db6b5304b817f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 15eac293fb910e2246ebe6785764d55bfca1b75b63e10e3f392db6b5304b817f
SHA3-384 hash: 31d991643539015367e55e6aedaec6e1db36242e16693a297c3be0278209a13b993dc50068f98445bfc8aad3c33a4a82
SHA1 hash: 77a581fcf2be7b673cb5a46496925440243f4174
MD5 hash: 8101347c0dc473a1f106678be2669cbf
humanhash: uranus-missouri-alanine-montana
File name:8101347c0dc473a1f106678be2669cbf.exe
Download: download sample
File size:7'229'080 bytes
First seen:2022-03-03 09:37:32 UTC
Last seen:2022-03-17 06:35:49 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash dfec469ff9e19f9df882decc3c09398f (45 x RedLineStealer, 1 x Formbook, 1 x ArkeiStealer)
ssdeep 196608:DkNuQ7M+7OzI6THaSxYFitObJgZW7QSg4Fm4yeBCGPMA:DkNVM+gI6THaJOZGQMPyeBFPMA
TLSH T1AD763366F3E4B392C35769B3FE7568E0D2532005776B66B6845AE2363B1C9A3403B037
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
212
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/246887/
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a window
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/9e9bf1cb-5e3d-4b25-8686-6723dd3a4a11
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/950219
Signature
Multi AV Scanner detection for submitted file
PE file has nameless sections
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 582698 Sample: QYjxLnzZHF.exe Startdate: 03/03/2022 Architecture: WINDOWS Score: 52 11 store-images.s-microsoft.com 2->11 13 Multi AV Scanner detection for submitted file 2->13 15 PE file has nameless sections 2->15 7 QYjxLnzZHF.exe 1 2->7         started        signatures3 process4 process5 9 conhost.exe 7->9         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/15eac293fb910e2246ebe6785764d55bfca1b75b63e10e3f392db6b5304b817f/
Threat name:
Win32.Infostealer.Convagent
Create hunting rule
Status:
Malicious
First seen:
2022-03-03 09:38:19 UTC
File Type:
PE (Exe)
AV detection:
19 of 27 (70.37%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/220303-ll4h2scagk/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
15e938045190df976673ad9d339f6064b06045324a4108d6ecc40629940ba9e4
MD5 hash:
cc608452dac7540e7d1c28a694a482eb
SHA1 hash:
99d8a2e3cc06350e8fa8a1bf9194b2b953f36ea4
Link:
https://www.unpac.me/results/5caf7493-edb2-449f-892e-bbc755a1f464/
SH256 hash:
15eac293fb910e2246ebe6785764d55bfca1b75b63e10e3f392db6b5304b817f
MD5 hash:
8101347c0dc473a1f106678be2669cbf
SHA1 hash:
77a581fcf2be7b673cb5a46496925440243f4174
Link:
https://www.unpac.me/results/5caf7493-edb2-449f-892e-bbc755a1f464/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/15eac293fb910e2246ebe6785764d55bfca1b75b63e10e3f392db6b5304b817f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 15eac293fb910e2246ebe6785764d55bfca1b75b63e10e3f392db6b5304b817f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2072455/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/246887/

Comments