MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2956aa1ab9cc6636e5a65247e4f430a856c51a93d6466607e1c9715cacba699e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RustyStealer


Vendor detections: 4


Intelligence 4 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2956aa1ab9cc6636e5a65247e4f430a856c51a93d6466607e1c9715cacba699e
SHA3-384 hash: a9de62f411e33cc2d579b46f0a84bcb789ec25c917902b5b19824f498f665faa2470639f0b85f8f1c891a0926a9871c3
SHA1 hash: c5fc909c5a1552d03c775afc8947b34bedc7d920
MD5 hash: 25f3ec35345e14179cc19ac3de7d9330
humanhash: vegan-thirteen-venus-two
File name:25f3ec35345e14179cc19ac3de7d9330.exe
Download: download sample
Signature RustyStealer
Create hunting rule
File size:300'032 bytes
First seen:2021-09-30 15:20:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 85876006c2ecd2e9a446192cb4f7518c (3 x RustyStealer)
ssdeep 6144:7LoYiRV6tyYQ6wN4FVUlaP0DgvrmXL4Y2uxrDU+:7cYU6t4OF6lak
TLSH T147544A07E38554F8D46EC1B883569532F671BC454725BAEF2BE036212E22FE0AB3E745
Reporter abuse_ch
Tags:exe RustyStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
179
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
25f3ec35345e14179cc19ac3de7d9330.exe
Verdict:
No threats detected
Analysis date:
2021-09-30 21:20:59 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/a3f5876c-316a-4198-a114-d0ca4298a7fb

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/193725/
Detection(s):
SecuriteInfo.com.Win64.ClipBanker.Z.1792.17411.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/ceadc305-2103-42ca-b362-2c8428c9803f
Result
Threat name:
MicroClip
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/862035
Signature
Yara detected MicroClip
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 494461 Sample: NEZp4OFSUt.exe Startdate: 30/09/2021 Architecture: WINDOWS Score: 48 12 Yara detected MicroClip 2->12 5 NEZp4OFSUt.exe 4 2->5         started        8 RuntimeBroker.exe 2 2->8         started        process3 file4 10 C:\Users\user\AppData\...\RuntimeBroker.exe, PE32+ 5->10 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2956aa1ab9cc6636e5a65247e4f430a856c51a93d6466607e1c9715cacba699e/
Threat name:
Win64.Infostealer.ClipBanker
Create hunting rule
Status:
Malicious
First seen:
2021-09-30 05:55:41 UTC
AV detection:
3 of 45 (6.67%)
Threat level:
  5/5
Verdict:
unknown
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/210930-srdyxaaae8/
Behaviour
Suspicious use of AdjustPrivilegeToken
Drops startup file
Unpacked files
SH256 hash:
2956aa1ab9cc6636e5a65247e4f430a856c51a93d6466607e1c9715cacba699e
MD5 hash:
25f3ec35345e14179cc19ac3de7d9330
SHA1 hash:
c5fc909c5a1552d03c775afc8947b34bedc7d920
Link:
https://www.unpac.me/results/6d973015-a253-423c-bfe1-b29c9fa4e8d7/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2956aa1ab9cc6636e5a65247e4f430a856c51a93d6466607e1c9715cacba699e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Rustyloader_mem_loose
Create hunting rule
Author:James_inthe_box
Description:Corroded buerloader
Reference:https://app.any.run/tasks/83064edd-c7eb-4558-85e8-621db72b2a24

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RustyStealer

Executable exe 2956aa1ab9cc6636e5a65247e4f430a856c51a93d6466607e1c9715cacba699e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1648850/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/193725/

Comments