MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 257e99cfd3593f0ae2b35f2b1a3a8448e1272f9455b7f03ada226b88222c5179. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 257e99cfd3593f0ae2b35f2b1a3a8448e1272f9455b7f03ada226b88222c5179
SHA3-384 hash: 6f11ff429a63065ba0a7a863890840b1db79705b8ebf8f6d7436939ffb23c368da366090a0dd48f08fe66ae14403a636
SHA1 hash: 3fe161cf80ee91567dcf01e1150106850f17ed7c
MD5 hash: b3abef9c8f7dadf9c4021ccc225bdab7
humanhash: potato-sixteen-golf-eleven
File name:SecuriteInfo.com.Variant.Ursu.904612.21010.13441
Download: download sample
File size:728'576 bytes
First seen:2020-06-14 12:40:05 UTC
Last seen:2020-06-14 13:36:28 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 8b53481bf54b2f774cbc32db855d8885
ssdeep 12288:XIYWmahQaoWf7XXe8Fk5t37FfOVk0v3FITcYm674NW40s3MgGkl5GbG7h6ZznT7Q:XX2AWTXXexZFfwk0vQmZDJGS57hSzw
Threatray 39 similar samples on MalwareBazaar
TLSH E9F423413A6A1FE4D297FAB2582A98DC1524AC0385DC1E8232F0B77F58374E7EE1651F
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
2
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/10176/
Detection(s):
SecuriteInfo.com.Variant.Ursu.904612.21010.13441.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.ClipBanker
Create hunting rule
Status:
Malicious
First seen:
2020-06-14 04:18:43 UTC
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
270c10b611fa95a41054622c5caed5e88a7b3ec9c2ffaec93725b95b6d6d5aa3
2de69c2d371c790dd7977c5778e4c3cc1c9df180e8075a490e8eda4a1536bc63
77b2ce43a1a7363d6c90b9b11fc05220511a868f4f8ca72cd6cbe3219f79fbdd
8499aa17997bfbe03592e33e82df1c674f1b57ba3d372355e690b9468ea6fea2
85d879be258470ed22d55bb6fda8be5d0b7d480c23d95b252516e85ccad2fec4
956a4834f9fd06b41877a81e7edb083994d53daae9739fcfb8d4f82203105414
9dfc0d127c1129cd943b1c6ea494a01b40b6b29656db9a44f3dc3231db127a0e
9fdf001f730abe9e97454ce266d79326fb6e7c02fa6f3c16a7bbf5485ef674c4
b571436ef8d4284f5dabee122973c8710965a31de19f80f7a8a62cb8cea8f1d6
eddc999a7e76c2af01abaa813a903686f6f5b7ff94a7587c071bf2d2243b5239
+ 29 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
vmprotect
Link:
https://tria.ge/reports/201109-3xvaysf3k6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious behavior: AddClipboardFormatListener
Drops startup file
Loads dropped DLL
Executes dropped EXE
VMProtect packed file
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:suspicious_packer_section
Create hunting rule
Author:@j0sm1
Description:The packer/protector section names/keywords
Reference:http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 257e99cfd3593f0ae2b35f2b1a3a8448e1272f9455b7f03ada226b88222c5179

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/389834/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/10176/

Comments