MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d0c64f538bf4abd4c1a717257dc7a4918ec053af68c0b6c3e937456a3cc01cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2d0c64f538bf4abd4c1a717257dc7a4918ec053af68c0b6c3e937456a3cc01cf
SHA3-384 hash: 49a8559cf52616361ba3054a71d8060dfefea3c8087f788321bae1b32e9804d98996c7b8eb3efa7403d59fa8dd35cf4e
SHA1 hash: bca1ae51e65bd0ab1cf7b67297dea81d4b8a8c63
MD5 hash: e4442d5490388de423c200f5d40db68e
humanhash: saturn-victor-summer-cup
File name:e4442d5490388de423c200f5d40db68e
Download: download sample
File size:1'060'352 bytes
First seen:2022-08-31 00:10:59 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6c7c4ff80ca566b10c2d2a685e7a69c3
ssdeep 24576:HbliiIURA+vJ//gA26dhgnKq2JuPTW3Y9O2cbwsk:HbliiIUS+vJ//rvunKfJuPTWmO2sk
TLSH T1AD359E24B740AA25E9A38C3D8ADC4369233D2473235366DB6FC4509CCB7E6D2B23579D
TrID 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
205
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/306459/
Detection(s):
Win.Packed.Zusy-9949768-0
Create hunting rule

ditekSHen.INDICATOR.Packed.TriumphLoader.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/36114/overview
Behaviour
MalwareBazaar
MeasuringTime
CheckNumberOfProcessor
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/630ea7733e9e50b1baee5587/reports/9f3b0a87-3e89-42a3-b608-1333a19d0eea/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1061072
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2d0c64f538bf4abd4c1a717257dc7a4918ec053af68c0b6c3e937456a3cc01cf/
Threat name:
Win32.Trojan.RedLineStealer
Create hunting rule
Status:
Malicious
First seen:
2022-08-30 14:02:00 UTC
File Type:
PE (Exe)
AV detection:
21 of 26 (80.77%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fuggj5jyx5fl2ta2ofzfpxd2jemoybj262gaw3b6sn2fni6mahhq._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220831-aglxnafgc9/
Unpacked files
SH256 hash:
2d0c64f538bf4abd4c1a717257dc7a4918ec053af68c0b6c3e937456a3cc01cf
MD5 hash:
e4442d5490388de423c200f5d40db68e
SHA1 hash:
bca1ae51e65bd0ab1cf7b67297dea81d4b8a8c63
Link:
https://www.unpac.me/results/eb648cb6-b1ce-4216-b3ed-dbd337e62719/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 2d0c64f538bf4abd4c1a717257dc7a4918ec053af68c0b6c3e937456a3cc01cf

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2285064/
Cape
Cape
https://www.capesandbox.com/analysis/306459/

Comments


Avatar
zbet commented on 2022-08-31 00:11:00 UTC

url : hxxp://37.139.129.142/htdocs/SeSsPYXEqCrEMLg.exe