MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1826805f293e5ef43536005c51ea4b72da36745b48dddd6e508c0b7ecc5c7f54. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	1826805f293e5ef43536005c51ea4b72da36745b48dddd6e508c0b7ecc5c7f54
SHA3-384 hash:	35bd21eed5af384d3168be4da5e4b38bb8d0c3ff22b6df71fd6ae5f3189fb95e11cb25a8ae20522b5f7025ef5fad5bc6
SHA1 hash:	a780c4ecff9eab4523a7aa277b33a18691808724
MD5 hash:	7ef97db03ee0a29099980e2fa412e89c
humanhash:	helium-texas-uncle-batman
File name:	7ef97db03ee0a29099980e2fa412e89c.exe
Download:	download sample
File size:	649'728 bytes
First seen:	2022-01-15 08:29:52 UTC
Last seen:	2022-01-15 10:53:17 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	6801e04a0c2ca60ac2497c0d8723846b (4 x RedLineStealer, 2 x OnlyLogger, 1 x CoinMiner.XMRig)
ssdeep	12288:pCPjbSSsYQiqcskDWJ0ZYFLxVcR/EIr1fjztZY4D2XhzjVqQ6:qj1Giqc7CJfj8sgnrUpB
Threatray	46 similar samples on MalwareBazaar
TLSH	T11AD4E110BBA0C039F6B722F895759B68793E3EA1572450CB22D65BEA47346E0FE31317
File icon (PE):
dhash icon	2dec1378319b9b91 (22 x Smoke Loader, 16 x RedLineStealer, 7 x ArkeiStealer)
Reporter	abuse_ch
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

171

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

7ef97db03ee0a29099980e2fa412e89c.exe

Verdict:

Malicious activity

Analysis date:

2022-01-15 09:04:09 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/0ac7cc11-f963-4a2a-a7b0-de1cbade2234

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/219454/

Detection(s):

Win.Packed.Crypterx-9936122-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Сreating synchronization primitives

DNS request

Sending a custom TCP request

Rewriting of the hard drive's master boot record

Result

Malware family:

n/a

Score:

9/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/4248/overview

Behaviour

MalwareBazaar

SystemUptime

MeasuringTime

CPUID_Instruction

EvasionGetTickCount

CheckCmdLine

EvasionQueryPerformanceCounter

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/61e28619e997359713f15124/reports/6ab4009c-8d89-4207-a713-f4e69d5cdb6c/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Pitou

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/62529881-9b50-4844-bc68-5418fb229b43

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/921081

Signature

Contains functionality to infect the boot sector

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1826805f293e5ef43536005c51ea4b72da36745b48dddd6e508c0b7ecc5c7f54/

Threat name:

Win32.Trojan.DllCheck

Status:

Malicious

First seen:

2022-01-14 19:33:14 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

21 of 28 (75.00%)

Threat level:

5/5

Verdict:

malicious

3c6d3d8d1d1cd0e7503c141e407c2d0f13f87b5b76dac2cff033baa027033e1c

4a12d29a59f80a7deb10effbba67169f9898969133ae7c4d94c3d500cc93de5f

99a6b979823a1de5127de403a90d9b485e713dd74db15f0aa6ab3dda1006312b

9ab85c68338687154f9ac21de8f1a25828cc75aef1b69b09add600727ffabcc4

a09cbb1704807a612702a6fd63c2c58d096da4c99034be7fc1d92bc5ef7bfc1b

b8041d0735e3ef4ef4714f324de4c63237f500baa52698559e2727c5a8ede61a

c7ccfa2edebbfbe1f3c5dbcd120bbfc828ffcd1b78aae558e401c1e1c30fa825

ce1ab55a70d98baf0f844e1bc21f376ff356ddb9067523f908315934c346737a

f1c367a9e61a79e35b25ced3249166e442845a3d63a06524fb908477140c9f10

+ 36 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

6/10

Tags:

bootkit persistence

Link:

https://tria.ge/reports/220115-kd8x5addd6/

Behaviour

Writes to the Master Boot Record (MBR)

Unpacked files

SH256 hash:

e4525e11db14618785e204cb87842eb4f71a0dd3fde7508475254181daf4817c

MD5 hash:

7b1c1ce13434e6d54c42f3f9ac46d0e4

SHA1 hash:

77ebad305f9c6e0c02ac6414ec47924934624ba4

Link:

https://www.unpac.me/results/c6d69022-2ad1-4b95-82ed-103260b3936e/

SH256 hash:

1826805f293e5ef43536005c51ea4b72da36745b48dddd6e508c0b7ecc5c7f54

MD5 hash:

7ef97db03ee0a29099980e2fa412e89c

SHA1 hash:

a780c4ecff9eab4523a7aa277b33a18691808724

Link:

https://www.unpac.me/results/c6d69022-2ad1-4b95-82ed-103260b3936e/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/1826805f293e5ef43536005c51ea4b72da36745b48dddd6e508c0b7ecc5c7f54

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/219454/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample