MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d2e2ad393b62986226d97b0430b25b5c5dfe5f7cb79f0aa4957631615bd441e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2d2e2ad393b62986226d97b0430b25b5c5dfe5f7cb79f0aa4957631615bd441e
SHA3-384 hash: 51cdf3a51678e5fdb9ecf82923eebaca8d6ea9419cb0277e665c6ded75f277a2dac3d3b630b2e9746c1e4c1f034a7445
SHA1 hash: ade29c931c1c65af1715a347eca412d7302e4d7b
MD5 hash: dc66a3e7a0a5891cce2254d68adffae9
humanhash: kentucky-pizza-timing-network
File name:test.exe
Download: download sample
File size:3'076'675 bytes
First seen:2022-05-24 20:40:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d0dfe559e003c7370c899d20dea7dea8 (9 x RedLineStealer, 1 x Amadey)
ssdeep 49152:vmRQEdJh904FEOBJ0opNth9H2JGD6xe2hua8jGcG/e6Y:vUQEdJh904FEO/04h9H2JW6xziCcsY
Threatray 38 similar samples on MalwareBazaar
TLSH T16DE54B139B8B0E75CDC27BB461CB633B9734EE30CA269B7FE609C53559532C5681AB02
TrID 33.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
21.3% (.EXE) Win64 Executable (generic) (10523/12/4)
13.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
10.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.1% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter JaffaCakes118
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
350
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
socelars
Create hunting rule
ID:
1
File name:
File.exe
Verdict:
Malicious activity
Analysis date:
2022-05-24 19:36:49 UTC
Tags:
evasion trojan socelars stealer loader opendir rat redline amadey ransomware stop
Link:
https://app.any.run/tasks/1c1f30c9-62ae-419f-84ee-e2b08f3186ad

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/274295/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Launching a process
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Sending a custom TCP request
Unauthorized injection to a system process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug overlay packed spyeye wacatac
Link:
https://www.filescan.io/uploads/628d431edbc0312ea2aec856/reports/c37317ef-d2a1-4c6d-804e-f0781370c052/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/75390faf-c12b-41bd-a0e0-b56adc6c1165
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1001061
Signature
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 633554 Sample: test.exe Startdate: 24/05/2022 Architecture: WINDOWS Score: 64 18 Multi AV Scanner detection for submitted file 2->18 20 Machine Learning detection for sample 2->20 6 test.exe 1 2->6         started        process3 signatures4 22 Writes to foreign memory regions 6->22 24 Allocates memory in foreign processes 6->24 26 Injects a PE file into a foreign processes 6->26 9 WerFault.exe 23 9 6->9         started        12 conhost.exe 6->12         started        14 AppLaunch.exe 6->14         started        process5 file6 16 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 9->16 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2d2e2ad393b62986226d97b0430b25b5c5dfe5f7cb79f0aa4957631615bd441e/
Threat name:
Win32.Trojan.SpyStealer
Create hunting rule
Status:
Malicious
First seen:
2022-05-24 17:26:58 UTC
File Type:
PE (Exe)
AV detection:
21 of 26 (80.77%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0641e05ea68f13feea00f6d69da6ad465d68353b9cebaccc7e17bf6b646d34cd
10835ba7c73aa0239a2f7b60264afa9c31aec8f719388ac13c07a23ea221bd20
2dcaabc7567be2d913a8f0df7c972cc19d7ac220889f74342aa40cad5ec80f1d
48f41b0138a1ab48c0caa4c76b5f81044d0e242cce0dccc7148b6a35e471c327
61993e08ea08b735c8966bea3c2cab4dbd2c62ccd1ad88ec42c59e1a9a8f8c71
8c506402fee84059ee450e9befa30f224e63eac74380a664755f5e9d31f88f91
93a849272c8cd95c44685d207ccc52d5d458d149bdbe6792f5410c54bf378790
b32fee0012472a3a59cd889f163c2f4629e8042efe7dfc24d173f78d7bc0d3e7
d4688e6e5455d4601d2988f805b8e1652def668899185a6c179827f13e72941a
+ 28 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/220524-zgewsabgel/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
943ff54b29c05b2364ccf9714f93b213d3e17fd6ce2fc775b549238f5aa04575
MD5 hash:
fdfe4fb7995db5357cf84e25b4544549
SHA1 hash:
ae7f724a63f0b399465c85e3af9757df86da5dad
Link:
https://www.unpac.me/results/c9ba5589-60b0-4984-8f64-91b2b1fb9632/
SH256 hash:
2d2e2ad393b62986226d97b0430b25b5c5dfe5f7cb79f0aa4957631615bd441e
MD5 hash:
dc66a3e7a0a5891cce2254d68adffae9
SHA1 hash:
ade29c931c1c65af1715a347eca412d7302e4d7b
Link:
https://www.unpac.me/results/c9ba5589-60b0-4984-8f64-91b2b1fb9632/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2d2e2ad393b62986226d97b0430b25b5c5dfe5f7cb79f0aa4957631615bd441e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 2d2e2ad393b62986226d97b0430b25b5c5dfe5f7cb79f0aa4957631615bd441e

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/274295/

Comments