MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 187e00f0ccff956d9c382ea3f888769ad5109f23a75ec51077c8b366ef45f1a9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 187e00f0ccff956d9c382ea3f888769ad5109f23a75ec51077c8b366ef45f1a9
SHA3-384 hash: 6156f4a99295c9db621c44a617e3ac51a96a3d7cfb0ed9384351dec4545aac7ccd41ed9e6cc4a8da6044eeffcfdda33b
SHA1 hash: 8888212b326918cdaa07bcc382d8fe52445a39d2
MD5 hash: cad2965c4ad66fbc583db1b3cba23e97
humanhash: high-quebec-golf-neptune
File name:Stealer.exe
Download: download sample
File size:507'904 bytes
First seen:2020-05-08 12:31:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fd6295a9955f9fb70c3bdefdf187c716
ssdeep 12288:73eN9fhI/R366aM3r0LcNz83Z4sswFr1l3rmqUxTmjk:7uN9fhyB6vM3ycNzEysdrTZU
TLSH A3B4BF63E5F28171C43330704366AB325DFEBA104A768DEB67C818995F601A1B73F6A7
Reporter James_inthe_box
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Rdn
Create hunting rule
Status:
Malicious
First seen:
2020-05-08 12:30:47 UTC
File Type:
PE (Exe)
AV detection:
21 of 31 (67.74%)
Threat level:
  2/5
Verdict:
malicious
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware
Link:
https://tria.ge/reports/201109-z4c55vb9pa/
Behaviour
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Checks computer location settings
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:with_sqlite
Create hunting rule
Author:Julian J. Gonzalez <info@seguridadparatodos.es>
Description:Rule to detect the presence of SQLite data in raw image
Reference:http://www.st2labs.com

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments