MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 29a6578670ab4f4c849c2088a623956b385edc30fa0544e66eb8fcfb72235303. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 29a6578670ab4f4c849c2088a623956b385edc30fa0544e66eb8fcfb72235303
SHA3-384 hash: 12f26527dc7c632a098a5b65159222cc913d29775808c818d6023cccb912df2d069c25b1373cc9c6171f43a8cad696e4
SHA1 hash: abb4439bf9bbffba2f77cdf6df4319c8a75847e2
MD5 hash: ab520bbdbd7a2a502a344ca9f67bce37
humanhash: massachusetts-snake-sweet-spaghetti
File name:file
Download: download sample
File size:4'317'696 bytes
First seen:2022-11-08 19:26:54 UTC
Last seen:2022-11-16 15:54:39 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep 98304:QmXjv2Ji2gAtldkORGxM3RpTYTp3ARyDTlLTmt0JqJDaszYhmAWKikHhTiqyz:J5knQxMvT0UiVTmt0JYD9zYhmAWKii1u
Threatray 145 similar samples on MalwareBazaar
TLSH T1071633DC8356C390DDF96CBA2F493B2DB77E4B0A505E9B0D80D235DA47590C8B316B8A
TrID 64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12)
25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6)
4.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.8% (.EXE) OS/2 Executable (generic) (2029/13)
1.8% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter andretavare5
Tags:exe


Avatar
andretavare5
Sample downloaded from https://vk.com/doc760750097_655664060?hash=rUSowCEZFooTA1cEQYcCvLBuNqgWXScx7eczczdhl1z&dl=G43DANZVGAYDSNY:1667934772:AtAyNQb9iKmZxLPZoJSHa496icvguAlTxSNJyVpX6h4&api=1&no_preview=1#inst2

Intelligence

File Origin
# of uploads :
349
# of downloads :
157
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
67.zip
Verdict:
Malicious activity
Analysis date:
2022-11-04 00:10:40 UTC
Tags:
trojan rat redline
Link:
https://app.any.run/tasks/2cb1d78e-a5c6-4a18-a6b4-68133a9842f9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/330808/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching a process
Creating a process with a hidden window
Sending a custom TCP request
Using the Windows Management Instrumentation requests
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug packed
Link:
https://www.filescan.io/uploads/636aad884965a861c71fc818/reports/4e1017ba-9f73-4419-b94a-cf6645763a47/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/ba2f85c9-8827-4d51-958e-63ee355e6797
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/1108574
Signature
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/29a6578670ab4f4c849c2088a623956b385edc30fa0544e66eb8fcfb72235303/
Threat name:
Win64.Trojan.Privateloader
Create hunting rule
Status:
Malicious
First seen:
2022-10-31 07:03:03 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
17 of 25 (68.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fgtfpbtqvnhuzbe4ecekmi4vnm4f5xbq7icujztoxd6pw4rdkmbq._file
Verdict:
malicious
Similar samples:
25bb1b8e163acf68f060f21c668cf4acb7541e46947af13f11b0581cea7cbf2d
2a1276d50bffabe2b41cd6c789ef1b5df02080d1ed1c87acce6bcc91f0ac29f8
42c5acd0133e2653a0e4f9792906d42f16cf44c6ea920dca1edaf74618feb437
46925967d26cb4373de322bde604948b21a6100822d52b003c82eb88f42668e6
5d624f8e7057338458913360aa8187f73df438184232eca592e12b37d0b2781a
65d77c6d99bfdf41472afef809ff3a719e16610ac76fc68994b10bbae824dc6d
7e7cf5a3069c6ffd76d00f193d85cd8d0afcd13ae022626d21b11e264700c91c
7ec738bfdf48fd3a07f87eee1bf8f17a4d790b97263e9655106369c642bff090
b61546030dbe1d3839d0244d814e48f88b36f70303750590b67cfed3486a4e8d
+ 135 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware stealer upx
Link:
https://tria.ge/reports/221108-x5376sfdal/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Reads user/profile data of web browsers
UPX packed file
Unpacked files
SH256 hash:
d8567e4dea8797da901b25cab001b526f0e7f21f209c3843d7f83eaced4e01df
MD5 hash:
c1ac9b2f2009dd4774fbdd89062c1b16
SHA1 hash:
aec9a2c05adf7013a9e9eaff7d00e5089f59dbfa
Link:
https://www.unpac.me/results/b1079fcb-8c92-44c2-a495-4c6350c8562d/
SH256 hash:
29a6578670ab4f4c849c2088a623956b385edc30fa0544e66eb8fcfb72235303
MD5 hash:
ab520bbdbd7a2a502a344ca9f67bce37
SHA1 hash:
abb4439bf9bbffba2f77cdf6df4319c8a75847e2
Link:
https://www.unpac.me/results/b1079fcb-8c92-44c2-a495-4c6350c8562d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/29a6578670ab4f4c849c2088a623956b385edc30fa0544e66eb8fcfb72235303

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
Cape
Cape
https://www.capesandbox.com/analysis/330808/

Comments