MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2b0aeb438931bb39ad766baaee5675673f46684c20ad4485ed27c396f6e5dd53. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2b0aeb438931bb39ad766baaee5675673f46684c20ad4485ed27c396f6e5dd53
SHA3-384 hash: ae83b8b1049c8522e58f8470cda94444ebdee6e8d5d1d454463eb82e5d312ab754ee54399b0666b4a8c81307ca0cab97
SHA1 hash: d59777413f936ad41c60f741c5522d02cfcdaa04
MD5 hash: edf0277b95bb86badde4eb8ee66ba007
humanhash: princess-pizza-bakerloo-alanine
File name:edf0277b95bb86badde4eb8ee66ba007
Download: download sample
File size:2'025'472 bytes
First seen:2023-05-12 17:51:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0e6e7a2a71494ed0e171c50470a6666b
ssdeep 24576:UrpHfP19rk1kOGf5gTrHqCr4fEoNxa7esfI7OO1ZFoxdF3G1AJhO47fGL1G5ycGm:iDkyxhgTmCr4fEtesw7OO+FDJhO185y
Threatray 11 similar samples on MalwareBazaar
TLSH T16B958E56B3F400F8D0ABD17989165607EBB2B405176097DF56E0CA6A6F23FE21A7F320
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon f0f0caecb0d2ecf0
Reporter zbetcheckin
Tags:64 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
338
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
edf0277b95bb86badde4eb8ee66ba007
Verdict:
No threats detected
Analysis date:
2023-05-12 17:51:44 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/c045cfc5-69f3-4bb7-a396-2d2c64f4aeba

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/388749/
Detection(s):
SecuriteInfo.com.Variant.Mikey.146525.21576.3067.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
DNS request
Creating a file in the %temp% directory
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/83738/overview
Behaviour
MalwareBazaar
MeasuringTime
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
crypto greyware hacktool packed shell32.dll
Link:
https://www.filescan.io/uploads/645e7cc3a0adb168453e1c83/reports/c74bdd57-e827-4d90-84ec-780c3c3b64b7/overview
Verdict:
Malicious
Labled as:
Trojan.Win64.Agent
Link:
https://www.hybrid-analysis.com/sample/2b0aeb438931bb39ad766baaee5675673f46684c20ad4485ed27c396f6e5dd53
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d2577729-0847-4148-bb7d-34d9e9cd0435
Result
Threat name:
n/a
Detection:
malicious
Classification:
spyw
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1231807
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2b0aeb438931bb39ad766baaee5675673f46684c20ad4485ed27c396f6e5dd53/
Threat name:
Win64.Trojan.Mikey
Create hunting rule
Status:
Malicious
First seen:
2023-05-12 17:52:09 UTC
File Type:
PE+ (Exe)
Extracted files:
18
AV detection:
14 of 24 (58.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fmfowq4jgg5ttllwnovo4vtvm47um2cmecwujbpne7bzn5xf3vjq._file
Verdict:
unknown
Similar samples:
231e3371fc3a1bcf991ca1342c7e0ae50b2128d5cfd07714b487825adbe0c002
5895af5f3925b4919d8891b75cc73dd70eecfd2489cab1c61a7cc12f55d9942d
8221518c5f5419483fe4f1d2b0e2a43f94d8eddb074f22c9518a2e3d74685276
8c2f279f19084c2f3e22142293aa362052d74122a46d0bcb8bed5abf3b6c697c
c5204dd0f5f8ed167cfaee4f8baeb92754116cb6ea974f35ac8686067ff1293f
d6089ca4f682bbc8ed8fbb8c979f9f4b9cbd4c55a8748a8e945be3cca1b2f578
e74e9eef09f0408bc12122664feab0f172a77bda450290cb2c583a1fb09a18b7
f0c50139a7c5ba242d301b20d0fb928f96021fb0bf3e329dcd4444a75540f082
f74c603fdc251eb3b10e215f92de9729c67a32e5353f73d156bce5402a7153ab
fecb0d6858bb301f1cd98d6f7c12aa675b384903d7b00471c92c6f77c987f71f
+ 1 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware stealer
Link:
https://tria.ge/reports/230512-wfp4ksea63/
Behaviour
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
2b0aeb438931bb39ad766baaee5675673f46684c20ad4485ed27c396f6e5dd53
MD5 hash:
edf0277b95bb86badde4eb8ee66ba007
SHA1 hash:
d59777413f936ad41c60f741c5522d02cfcdaa04
Link:
https://www.unpac.me/results/66b9319c-b345-4821-83dc-c59c5cc08a45/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 2b0aeb438931bb39ad766baaee5675673f46684c20ad4485ed27c396f6e5dd53

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2630778/
Cape
Cape
https://www.capesandbox.com/analysis/388749/

Comments


Avatar
zbet commented on 2023-05-12 17:51:14 UTC

url : hxxp://104.156.149.33/yes/4496EOhNFImHEZOIsrnCCTmYaysV.exe