MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 174ed156f6f1c67a8b09b72ab463b69c2d9aae053a5dffb6d4630bdea6308153. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 174ed156f6f1c67a8b09b72ab463b69c2d9aae053a5dffb6d4630bdea6308153
SHA3-384 hash: 25d8f6bcd4f4a209bfe60bd21f0dd8b4045c0e15d17123862f026516138cf4ce759a14c37864138e3bcd7af128e9f203
SHA1 hash: c2a9b62d6999092f14c3b150ef644642420c6c77
MD5 hash: fe696ad08c2afb38ced8d0303a970b53
humanhash: ink-twelve-delta-chicken
File name:rCotizaci__n4-4-23.exe
Download: download sample
File size:1'056'768 bytes
First seen:2023-04-04 18:44:24 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 12288:FwFZA/vN2iNolgBSzMFF2GMWTJi4UH4xEfJv91iSmqhnWUI9RgCZ4Z5QiOgqWCH/:FwFZmN1GQSm3BmXlmQabYMiOhVD/tZ
Threatray 42 similar samples on MalwareBazaar
TLSH T18525CF1E8E14C6F4F6BC47B5D0D33F191DA40AA243E6851CB87B60DA3B85B8A5C1D98F
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10523/12/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4505/5/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Reporter FXOLabs
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
241
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
rCotizaci__n4-4-23.exe
Verdict:
Malicious activity
Analysis date:
2023-04-04 18:47:40 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/bac6bcc4-a1b2-469e-950b-6ceefab07cb7

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/380116/
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WZA.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/642c70302f938d3b4e0600df/reports/7b808634-dc41-4834-a277-40c902497e90/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/174ed156f6f1c67a8b09b72ab463b69c2d9aae053a5dffb6d4630bdea6308153
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/c82a40bf-eb59-4ed9-9087-be87269f5039
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.spyw.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/1208301
Signature
.NET source code contains potential unpacker
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Writes or reads registry keys via WMI
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/174ed156f6f1c67a8b09b72ab463b69c2d9aae053a5dffb6d4630bdea6308153/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-04-04 18:22:09 UTC
AV detection:
11 of 35 (31.43%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=c5hncvxw6hdhvcyjw4vliy5wtqwzvlqfhjo77nwummf55jrqqfjq._file
Verdict:
malicious
Similar samples:
4fc50d17362e6ed4e53b082e4d01ad286eb2caca5113ae09e48eca48889b36fb
630f2becb05a49664975e0561dd7f4a45690c3cc1c039816c5b1961caf0c2980
a8e34f0afa9d78ee85eaea3f14d16dd9180d4adc10d82dbd857394d5e2b3d9d6
a91dca5f2e89d48fdb09b37bf972be6ef686f4ae84ee01b9684ab968068d0c93
cbda14adc5ddc1c7dcaab3718dd25805b8c0b720db8678715a754754a214e05f
d9fb5f10465038710b0e96b46a5e97d2797667c6c07c5246a4d9f49233055ed4
de19b88c284dcc4b18ea43b7e4dc96679ea39dda05016869cfd2c0aac3132a1c
+ 32 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/230404-xd26ssbb8z/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
3b75425895af4ae3186b36277553641e37ca1d620ae18d68e40d13351b54de6a
MD5 hash:
94d1531b52774dce52a89e33646d5b1d
SHA1 hash:
29bf887b025b97bd7a9e1e261852ba824234a625
Link:
https://www.unpac.me/results/16667a12-24f4-4d7c-8290-337289f0d354/
SH256 hash:
6cb99ed71a806dac93376d7d45ab489359f1c910c16fe8961ec802a3430ac885
MD5 hash:
749b06a41faef0a176377408c56d65f0
SHA1 hash:
1daa08ab42c9cd27b9a8cef982e882d18d3cd8df
Link:
https://www.unpac.me/results/16667a12-24f4-4d7c-8290-337289f0d354/
SH256 hash:
2f240d3b660d15a29753894615921b5ba932f2eb1afec7cf1ea6abdb52752224
MD5 hash:
4eef099b1996a942bb79587d20b1d36f
SHA1 hash:
ffee1331d2331ada6cc9e6061977829142f71543
Link:
https://www.unpac.me/results/16667a12-24f4-4d7c-8290-337289f0d354/
SH256 hash:
2aa7a5ec7836b0d045b70798692bbd19654dd5bf6fe8dd8693dbbf9a2dc42158
MD5 hash:
4c8fed93e83e722cd774dfa82994f529
SHA1 hash:
de7c76e793edeb39f48aed8f3528ce16fae7352b
Link:
https://www.unpac.me/results/16667a12-24f4-4d7c-8290-337289f0d354/
SH256 hash:
3c507afadbb1c31a9ebdd24baac5739d47576159e01c5e84f973c951885100aa
MD5 hash:
e79bf0e7e9d52d398e0b23b352394c68
SHA1 hash:
682325763a0ec77e0fd475ea3a4021b4651eceac
Link:
https://www.unpac.me/results/16667a12-24f4-4d7c-8290-337289f0d354/
SH256 hash:
9651e7c92a518e66d4bfc513452b4747f38bf09cb388ca6d2c024c729c131632
MD5 hash:
24608d9d0224bb85e2768342549138b6
SHA1 hash:
5ac6a02ed5920eb4385c7525ba90289c891b26aa
Link:
https://www.unpac.me/results/16667a12-24f4-4d7c-8290-337289f0d354/
SH256 hash:
174ed156f6f1c67a8b09b72ab463b69c2d9aae053a5dffb6d4630bdea6308153
MD5 hash:
fe696ad08c2afb38ced8d0303a970b53
SHA1 hash:
c2a9b62d6999092f14c3b150ef644642420c6c77
Link:
https://www.unpac.me/results/16667a12-24f4-4d7c-8290-337289f0d354/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/174ed156f6f1c67a8b09b72ab463b69c2d9aae053a5dffb6d4630bdea6308153

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:Suspicious_Macro_Presence
Create hunting rule
Author:Mehmet Ali Kerimoglu (CYB3RMX)
Description:This rule detects common malicious/suspicious implementations.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe 174ed156f6f1c67a8b09b72ab463b69c2d9aae053a5dffb6d4630bdea6308153

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/380116/

Comments