MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 191213cb876b87f7c1cf7f65dd4b7225267f1a34c238cb57b135288f4aecc592. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	191213cb876b87f7c1cf7f65dd4b7225267f1a34c238cb57b135288f4aecc592
SHA3-384 hash:	05d2e237d7bbe02d63dc4b860454b686d22aef5c47dfc6d59fb657cfbc45cd14426de0c49ea435dfc12137159522e8c6
SHA1 hash:	709c5e4bbd8249f5f586ebdebed560349a72cd47
MD5 hash:	0a2be3b8542fbae8daeed5bc6d712de4
humanhash:	freddie-stream-bakerloo-spring
File name:	0a2be3b8542fbae8daeed5bc6d712de4.exe
Download:	download sample
File size:	4'509'696 bytes
First seen:	2023-03-10 12:19:03 UTC
Last seen:	2023-03-10 13:31:19 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep	98304:LS8Kp2YoVEhmJvKp/I9k9mTPAq9ZDjJ42dk1erxmP3qqW2MptxQjLSdr8:LSH05EYye9kEbf/jJxrmvDWxVCGp8
Threatray	937 similar samples on MalwareBazaar
TLSH	T1102633B7C5134668C8758EF3E6A337801D60491B29D7E8FD4AF5F0A6523F2164CAF262
TrID	63.5% (.EXE) UPX compressed Win64 Executable (70117/5/12) 24.5% (.EXE) UPX compressed Win32 Executable (27066/9/6) 4.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.8% (.ICL) Windows Icons Library (generic) (2059/9) 1.8% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter	abuse_ch
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

187

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

0a2be3b8542fbae8daeed5bc6d712de4.exe

Verdict:

Malicious activity

Analysis date:

2023-03-10 12:22:54 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/4f174434-3aae-44a9-8ec5-725f2e089b07

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/373354/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.65857221.1350.11028.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Reading critical registry keys

Running batch commands

Launching a process

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug packed

Link:

https://www.filescan.io/uploads/640b203e797502788014551f/reports/a7a05b13-9f8c-4525-a7ec-9b50de120917/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_70%

Link:

https://www.hybrid-analysis.com/sample/191213cb876b87f7c1cf7f65dd4b7225267f1a34c238cb57b135288f4aecc592

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/a440ecf4-f602-47c9-8e73-d3136fa75839

Result

Threat name:

Unknown

Detection:

malicious

Classification:

spyw

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1191298

Signature

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Tries to harvest and steal browser information (history, passwords, etc)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/191213cb876b87f7c1cf7f65dd4b7225267f1a34c238cb57b135288f4aecc592/

Threat name:

Win64.Trojan.Generic

Status:

Suspicious

First seen:

2023-03-09 16:36:46 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

13 of 24 (54.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=dejbhs4hnod7pqopp5s52s3seuth6gruyi4mwv5rguui6sxmywja._file

Verdict:

malicious

12de04133def8f1652bbf2aaac8454d76141f5115e9e6d9131dcb2ffbdbee66e

2e085282467ab80f8064d2557f4afea9a82ba68e52ccd6f6f4c75e0f81dd0b30

5d101b2efae1e9390ac98e014a05d54338ec45cd73ff5dd70842877910f7b758

6000a66320ec04d7738f80e43085649f1c47bd12a2852e825e71876ec4567c07

6f8f904598a1dd49277595855a35602aeecc1ce6471dcc949def88f27199388e

7c5f6eb2a7eafa8c6891486bb1af755cc64e087c67945ab51bada4f4fcaea2ed

b6e4d99871249faefd2ed9dab5dd045d3d9ea13b4608262588eb157ddc312a68

d6618f430c04b203394c7887803a2171402efa31427c0835e24c9dec935bf79c

eb8302fbd0a3eda7620c0af1728a5d151afe1648d07525862c3701fc34c36d63

+ 927 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

spyware stealer upx

Link:

https://tria.ge/reports/230310-pg7xfsfd2z/

Behaviour

Suspicious use of WriteProcessMemory

Deletes itself

Reads user/profile data of web browsers

UPX packed file

Unpacked files

SH256 hash:

f368116528bff0208ec8a107a5f8d56face99e820b88d98715843bef4b3abed8

MD5 hash:

819ccff4c54c8792a1f7f59f19df6b04

SHA1 hash:

5786c0885a2f8fe7e6c4c5fc52588d3115967bcc

Link:

https://www.unpac.me/results/5f5ad71a-4097-4eb1-85a0-4f6b31281eea/

SH256 hash:

191213cb876b87f7c1cf7f65dd4b7225267f1a34c238cb57b135288f4aecc592

MD5 hash:

0a2be3b8542fbae8daeed5bc6d712de4

SHA1 hash:

709c5e4bbd8249f5f586ebdebed560349a72cd47

Link:

https://www.unpac.me/results/5f5ad71a-4097-4eb1-85a0-4f6b31281eea/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/191213cb876b87f7c1cf7f65dd4b7225267f1a34c238cb57b135288f4aecc592

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 191213cb876b87f7c1cf7f65dd4b7225267f1a34c238cb57b135288f4aecc592

(this sample)

Cape

https://www.capesandbox.com/analysis/373354/

URLhaus

https://urlhaus.abuse.ch/url/2563428/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample