MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ea6afd8cd172d7a43de0e037d7250b9036de4b87e1f0c10ba04c286c8c58704. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2ea6afd8cd172d7a43de0e037d7250b9036de4b87e1f0c10ba04c286c8c58704
SHA3-384 hash: 22cd6032dcaec6c1cf377a3602688d1fc7b3657124313fd3b7a8c2e96c890a645293fdc68aba72faa071ef69617f0a97
SHA1 hash: d42ad7f2723f699cc7de6fa079fb5373d81802d3
MD5 hash: 22fbdbddd05ab5346e7a7f5adb79cc2e
humanhash: king-lamp-freddie-lactose
File name:22fbdbddd05ab5346e7a7f5adb79cc2e.exe
Download: download sample
File size:5'757'840 bytes
First seen:2021-10-18 05:28:43 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0ab020de3096b6aafb4fadfac4d16825 (16 x CryptBot, 3 x ArkeiStealer, 3 x LockBit)
ssdeep 98304:AH7CgqLPRPYv7cZuwYx72XPo0+X+6zVfdUgqr2/xCQM70GpdQwssWhLcm0kch/0:A+gqLKB2p5c1UP2zM701wsxLN9ch/0
Threatray 49 similar samples on MalwareBazaar
TLSH T13046D030768BC52BD5A604B15A3CDB9F5168BFB60F6190D7A3E42E6E05B48C31732E27
File icon (PE):PE icon
dhash icon 6ded69c7b130b2c0 (12 x CryptBot, 8 x ValleyRAT, 4 x NetSupport)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
171
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Vidar
Create hunting rule
Link:
https://www.capesandbox.com/analysis/198028/
Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug anti-vm fingerprint greyware overlay packed
Link:
https://www.filescan.io/uploads/616d07aedb358dd15ebe4c48/reports/f1b2e6bb-82a2-4a5c-a820-ad8a0c2fe8e4/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/e0bef586-b44c-4951-aa69-539cb9606332
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/871975
Signature
Machine Learning detection for dropped file
PE file has a writeable .text section
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 504404 Sample: mWvxXYwvqU.exe Startdate: 18/10/2021 Architecture: WINDOWS Score: 48 33 Machine Learning detection for dropped file 2->33 35 PE file has a writeable .text section 2->35 6 mWvxXYwvqU.exe 197 2->6         started        9 msiexec.exe 57 158 2->9         started        process3 file4 17 C:\Users\user\AppData\...\plotbinding.exe, PE32 6->17 dropped 19 C:\Users\user\AppData\Roaming\...\decoder.dll, PE32 6->19 dropped 21 C:\Users\user\AppData\...\ssleay32.dll, PE32 6->21 dropped 29 21 other files (none is malicious) 6->29 dropped 11 msiexec.exe 2 6->11         started        23 C:\Windows\Installer\MSI78F3.tmp, PE32 9->23 dropped 25 C:\Windows\Installer\MSI74AC.tmp, PE32 9->25 dropped 27 C:\Windows\Installer\MSI6E9E.tmp, PE32 9->27 dropped 31 22 other files (none is malicious) 9->31 dropped 13 msiexec.exe 9->13         started        15 msiexec.exe 9->15         started        process5
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2ea6afd8cd172d7a43de0e037d7250b9036de4b87e1f0c10ba04c286c8c58704/
Threat name:
Win32.Infostealer.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-10-17 21:19:05 UTC
AV detection:
3 of 45 (6.67%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
3555826df75751600d127b343a3214a0f9b4c211b1fdcdf9ccceb1dda6be5f27
42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3
446736e381fa8942f8d32cb4f2ae8fb6a9245fa0e70b7f7298ee7a5cb6fe9f32
73c1188d93bd4318a830cb6d891aae7580a61c396ce37ba3676a321bbd3a137e
96f69fe5148b0838909afe927aa280b4919b7f12b1593ed4a461de49fa725b1b
dc050b963c642e86bf74da5e85fbfcb0b3c12bd692808bf8ae12a36f4bcf3c84
ec5e384e2dc1a77a23eaf3130d6fe73abf081fa7433e0d67295926943813a2c9
+ 39 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery spyware stealer
Link:
https://tria.ge/reports/211018-f6lwvadhhn/
Behaviour
Checks processor information in registry
Delays execution with timeout.exe
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Windows directory
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Enumerates connected drives
Loads dropped DLL
Reads user/profile data of web browsers
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Unpacked files
SH256 hash:
2ea6afd8cd172d7a43de0e037d7250b9036de4b87e1f0c10ba04c286c8c58704
MD5 hash:
22fbdbddd05ab5346e7a7f5adb79cc2e
SHA1 hash:
d42ad7f2723f699cc7de6fa079fb5373d81802d3
Link:
https://www.unpac.me/results/54f263bc-3ecc-48c1-9ad7-b3a3f2a04d78/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/2ea6afd8cd17/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2ea6afd8cd172d7a43de0e037d7250b9036de4b87e1f0c10ba04c286c8c58704

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 2ea6afd8cd172d7a43de0e037d7250b9036de4b87e1f0c10ba04c286c8c58704

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1644572/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/198028/

Comments