MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 269f4900ad74aae998445a68e9d7cecb5198da5b7d830c7d5b2bf70b90e3a7fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mekotio


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 269f4900ad74aae998445a68e9d7cecb5198da5b7d830c7d5b2bf70b90e3a7fc
SHA3-384 hash: fbd1eebe4e446a2cda9352df373b98d89c87540547876e5ea7a509f196174e465d2b7cd0ded9d22a7a410feed3d7ee89
SHA1 hash: c6badcdeacfd502a2afbcbfab9196b023e08274c
MD5 hash: ac7a2a8f2c8a0432226e673df8ca2a0f
humanhash: jig-stream-sink-one
File name:Stage1-AHK.zip
Download: download sample
Signature Mekotio
Create hunting rule
File size:449'045 bytes
First seen:2022-07-18 18:39:28 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:O7s+Z7phWdeMSdOJs2HjrYer0Li7Vgstks/1of:gs+Z9Y7SQYIN7uHgO
TLSH T173A42313C7B59853D0761BE1B2D1298F9B8E52B8D90B5594FD1F30EBA6F3270C28869C
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter StopMalvertisin
Tags:Mekotio zip


Avatar
StopMalvertisin
First Mekotio Stage. Checks Country, initial check-in, downloads final stage ZIP (Mekotio itself)
POST: https://www.sameh-advisor[.]com/css/style/cpanel/brume.php
ZIP: https://www.upsetus[.]com/design/js/overg/H4T3B78I1DDXK82.pic

Intelligence

File Origin
# of uploads :
1
# of downloads :
233
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.AutoIT_Compiled.11820.19429.UNOFFICIAL
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-vm
Link:
https://www.filescan.io/uploads/62d5a9bc8fbcdde3605afd1e/reports/8648ad3a-7f30-46fb-b7d6-c9c472c6c293/overview
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/269f4900ad74aae998445a68e9d7cecb5198da5b7d830c7d5b2bf70b90e3a7fc
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Base64 Encoded URL
Detected an ANSI or UNICODE http:// or https:// base64 encoded URL prefix.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/269f4900ad74aae998445a68e9d7cecb5198da5b7d830c7d5b2bf70b90e3a7fc/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=e2pusafnosvotgceljuotv6oznizrws3pwbqy7k3fp3qxehdu76a._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/220718-xa7bcadbh3/
Behaviour
Script User-Agent
Looks up external IP address via web service
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/269f4900ad74aae998445a68e9d7cecb5198da5b7d830c7d5b2bf70b90e3a7fc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Mekotio

Microsoft Software Installer (MSI) msi 793d375fd731665fe926913e74d7ddc360d5a31adbe2c7f3ff708ba9d6e2927d

Mekotio

zip 269f4900ad74aae998445a68e9d7cecb5198da5b7d830c7d5b2bf70b90e3a7fc

(this sample)

  
Dropped by
SHA256 793d375fd731665fe926913e74d7ddc360d5a31adbe2c7f3ff708ba9d6e2927d
  
Dropped by
MD5 7612659376518ff6ff5cd89f48206829

Comments