MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 26dae66b18522e7ef2068a1ba6452b455f2910acbc43e7ca05f53085d7a9cc42. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	26dae66b18522e7ef2068a1ba6452b455f2910acbc43e7ca05f53085d7a9cc42
SHA3-384 hash:	ffcd4b238c74fdce2933faaab5ffbb12ac6c9cfb81d44beb7eb48d52668db71d2e03169f0167f5c3395c89a3a4e34811
SHA1 hash:	0caa73ac7a38b85b583471d894d2047b685854be
MD5 hash:	c952100030b021b7747e9ac019091751
humanhash:	johnny-uranus-blue-quebec
File name:	file
Download:	download sample
File size:	2'666'712 bytes
First seen:	2022-12-16 16:11:46 UTC
Last seen:	2022-12-17 05:51:32 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	9b07102925b4f59f35c71f053bd1ede5
ssdeep	49152:jKaGorwh5N01b0QXMG1P4A9HuUHgdXaYdEqNdcZg1cakN3AABkTJwYLHJq0b3G0:qorm5NA1r4A97gz7Ig1cakN3AjTJwYLV
Threatray	43 similar samples on MalwareBazaar
TLSH	T183C58D58DA0390BEE82314F1067BF6FF9520563544B08C5BEA8CDDB4AE72DA2631971F
TrID	37.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 20.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 12.7% (.EXE) Win64 Executable (generic) (10523/12/4) 7.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 6.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
Reporter	andretavare5
Tags:	exe

andretavare5

Sample downloaded from https://vk.com/doc92042242_648113183?hash=1CMEAN7DL3ETvnzavKUQfYdNKzoSi7t1vQ48vsFcoEz&dl=HEZDANBSGI2DE:1671195935:tQimZ3DYdKLF1oDO5wwo5WsZ0et4jqr1LVLy19WYOVw&api=1&no_preview=1#1055_1401

Intelligence

File Origin

# of uploads :

# of downloads :

177

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

file

Verdict:

Malicious activity

Analysis date:

2022-12-16 16:13:24 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/01cc36dc-e4d8-4331-a9a8-c78ca6c262d3

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/347047/

Detection(s):

SecuriteInfo.com.Win32.Evo-gen.21395.10767.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Сreating synchronization primitives

Changing a file

Sending an HTTP POST request

Creating a file in the %temp% directory

Searching for synchronization primitives

Launching the default Windows debugger (dwwin.exe)

Sending a custom TCP request

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/52793/overview

Behaviour

MalwareBazaar

Verdict:

No Threat

Threat level:

2/10

Confidence:

100%

Tags:

anti-debug hacktool overlay packed

Link:

https://www.filescan.io/uploads/639c98d3075f9c34235bbb2b/reports/1e919b80-d5c2-4962-9638-0ef03a5faa5c/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/4f1d0dd9-f20a-47f4-a547-2f5fba7bcbf0

Result

Threat name:

Unknown

Detection:

malicious

Classification:

troj.spyw

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/1135846

Signature

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Tries to harvest and steal browser information (history, passwords, etc)

Uses known network protocols on non-standard ports

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/26dae66b18522e7ef2068a1ba6452b455f2910acbc43e7ca05f53085d7a9cc42/

Threat name:

Win32.Adware.RedCap

Status:

Malicious

First seen:

2022-12-16 16:12:09 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

15 of 26 (57.69%)

Threat level:

1/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=e3nom2yykixh54qgrin2mrjlivpssefmxrb6psqf6uyilv5jzrba._file

Verdict:

unknown

217c469af3fe96773cf891fcdd050b71e8da6c29c55a2af173e80d265e444af2

5490aca659dc4eebce7050589715a79b63656e3214b75285a8fbc453f8471f55

8003300a0cc3a9582a04152e53b32d7b7bad9fc908916415ea6ed08c7694f820

a964be69ae3a3b5aa6b824909ea7d3a65e3b6230aba8d5199dfca82284029b72

c03077ccb8e64308640cdb4761d6a8ea57360f011dc45ce9ff83b2d90b422605

d53858652b5a1d5c9b30f70f85db725b10494564bf08136cd8afdc7f7788f2bc

ebca8b7ecba334b24d7898375005ae378f02ee751351032d4c68a215c0b601e6

fc708c22acda37fb50cea6d603cb794852d8311349970461b178ff66dedccc0b

+ 33 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

spyware stealer

Link:

https://tria.ge/reports/221216-tnhclafa52/

Behaviour

Suspicious use of WriteProcessMemory

Program crash

Reads user/profile data of web browsers

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/4423f14c-7d22-4ba6-8ec1-52244fb1e075

Unpacked files

SH256 hash:

26dae66b18522e7ef2068a1ba6452b455f2910acbc43e7ca05f53085d7a9cc42

MD5 hash:

c952100030b021b7747e9ac019091751

SHA1 hash:

0caa73ac7a38b85b583471d894d2047b685854be

Link:

https://www.unpac.me/results/c231aa0d-ac2c-4f9f-9878-ad557819c37b/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.98

Link:

https://yomi.yoroi.company/submissions/26dae66b18522e7ef2068a1ba6452b455f2910acbc43e7ca05f53085d7a9cc42

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by

PrivateLoader

Delivery method

Distributed via drive-by

Cape

https://www.capesandbox.com/analysis/347047/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample