MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 29c7ddeefe862a053b9eac65af95fcfbe736e5e46e73276ac399f1903af3ed3e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 11

SHA256 hash: 29c7ddeefe862a053b9eac65af95fcfbe736e5e46e73276ac399f1903af3ed3e
SHA3-384 hash: dc78a63f536c3f2751e5b743d47432e4739d33999514e4213c1f508b6f41bc6aa809012d949bc6b86da68f2bda0bd8e5
SHA1 hash: 383e0d797a2eed678b60eebff3fdbcd99b55fa61
MD5 hash: ec95825c3940a10ea74a833cbf7e1667
humanhash: mike-fruit-magnesium-carolina
File name: ec95825c3940a10ea74a833cbf7e1667
File size: 7'369'728 bytes
First seen: 2022-08-27 13:15:32 UTC
Last seen: 2023-08-26 21:00:16 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: e6f4169f2a5c3a8f93171d9f593bd22a
ssdeep: 196608:Br32plU0wJwrZ5WeOyk2KzNiNnYh1ZeG9z86D8O:Br32plUXc5WM2xiFk1ZeEzF
Threatray: 4 similar samples on MalwareBazaar
TLSH: T13A763303B7D59138E1BF1D3021EAD0B1D43E7A316AA5DE7A22C8436D5A704D1B72DB2B
TrID: 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
      20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
      13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
      6.2% (.EXE) OS/2 Executable (generic) (2029/13)
dhash icon: f0968ee8aae8e8b2 (9 x Urelas, 5 x HermeticWiper, 4 x Starcat)
Reporter: zbetcheckin
Tags: 32 exe

Intelligence

File Origin
# of uploads: 2
# of downloads: 269
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: ec95825c3940a10ea74a833cbf7e1667
Verdict: Malicious activity
Analysis date: 2022-08-27 13:17:23 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a process with a hidden window
Creating a file
Creating a process from a recently created file
Moving a recently created file
Creating a window
Searching for synchronization primitives
Creating synchronization primitives
Launching a process
Sending a custom TCP request
Using the Windows Management Instrumentation requests
Creating a file in the %temp% directory
DNS request
Unauthorized injection to a recently created process
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Result
Malware family: n/a
Score: 6/10
Tags: n/a

Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
CheckCmdLine

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed update.exe
Result
Verdict: MALICIOUS

Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: troj
Score: 52 / 100

Signature
Multi AV Scanner detection for submitted file
Yara detected Generic Downloader
Threat name: Win32.Trojan.Phonzy
Status: Malicious
First seen: 2022-08-27 13:16:46 UTC
File Type: PE (Exe)
Extracted files: 215
AV detection: 10 of 26 (38.46%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: discovery persistence

Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Adds Run key to start application
Checks installed software on the system
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Unpacked files

SHA256 hash: 085794522700afe60d30eb9a9f7e863b8a30c750285af2a79a6eb0d814f448ab
MD5 hash: c861dfa25ed743aea17707f619eda27d
SHA1 hash: e3f349bbff7d15d34939ad3f2bd041f58b07ad63

SHA256 hash: e72254cd64e957daba137d027faab9df40412aea1696f5f2fa42e4d954c6d815
MD5 hash: f137e1701f8d7ad7155ef9f27eb71bc4
SHA1 hash: d116bd67874175b2b890b941743d54421e96b7e7

SHA256 hash: e1793d65865f94dc84052f2e5f6788723621f40357e59d5acb3a2c3541846778
MD5 hash: 93a5faa554b5ce2b360a408bf047f0c6
SHA1 hash: bfbe345fd8c6e79f5625584c8f44dec095849739

SHA256 hash: 04097e0365c648a68ba3fb6699b6daf18634e4664776c1f9daa136ec5f054eca
MD5 hash: e967eebf5bf0f7c60a63ee7caabbe2a1
SHA1 hash: acfa347e890cf03700ad5e8b3906c2881f442a19

SHA256 hash: 5f5f8783fafb5f2372c84e3b11324d773109cb1c0721fed6aeebe7d8aff5e4fd
MD5 hash: 472754b5aafbefb8b2cf02f8612f1b9a
SHA1 hash: 82a85de00b09a78ef02a4de84cced96fe6a54065

SHA256 hash: 68e2abf5046edcce9804bfdb00be83004a22e1986828d62bd912249a2d87bbf5
MD5 hash: 9aa407415929638850b116c1e8985048
SHA1 hash: 7c20c2185d1aa7668b43a942ec51adbadbf5a5f8

SHA256 hash: 3b4e123dd6ad90287496405fab4d44b736792c0c3f4ffbf0626e6a78c6cc6b2d
MD5 hash: 5f1adaa6e4f61f662a58d810deecd38c
SHA1 hash: 68639af40905f3cfc0975b7060fd7fd9df39ad0b

SHA256 hash: 0cd7784abf24f622d5a602bb558f2a732381cb8f6f0434293cfb8f62bf673c8c
MD5 hash: 50b31b125f89f1bf1c35e62be60163eb
SHA1 hash: 5f387de3fb46ebce5fe8382d9fe0b4f53d9e438b

SHA256 hash: ba1b0ac3c9378ff5bc088e3ce3b68fe2710f1ea3cd2d343852e85b8e33f0d44d
MD5 hash: 2dca61f85355dd5cbed7979dd22a035f
SHA1 hash: 29e434df974fedb6a0c791a1d04da82fff5e2e3b

SHA256 hash: 29c7ddeefe862a053b9eac65af95fcfbe736e5e46e73276ac399f1903af3ed3e
MD5 hash: ec95825c3940a10ea74a833cbf7e1667
SHA1 hash: 383e0d797a2eed678b60eebff3fdbcd99b55fa61
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: pdb_YARAify
Author: @wowabiy314
Description: PDB

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download: Executable exe 29c7ddeefe862a053b9eac65af95fcfbe736e5e46e73276ac399f1903af3ed3e (this sample)

Delivery method: Distributed via web download

Comments

zbet commented on 2022-08-27 13:15:40 UTC

url : hxxps://streamtvbox.net/StreamTVBox.exe