MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 30045003134b57417c5cf80aeca219f1d62bf739ae1b65e71a4b814d0168e7f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 30045003134b57417c5cf80aeca219f1d62bf739ae1b65e71a4b814d0168e7f9
SHA3-384 hash: 3b088b5e7b506bc53f47944a00bc2e655666d7981fe9ae3e08211a0e0c887eb72c9023263a713e1b05268bbea6cd4315
SHA1 hash: e7d153a0f44e05efeab78d757db56c669055302b
MD5 hash: 7d44f54d4f68f800143be77969869690
humanhash: cold-lactose-alpha-vegan
File name:7d44f54d4f68f800143be77969869690.exe
Download: download sample
File size:2'537'984 bytes
First seen:2023-02-01 16:00:29 UTC
Last seen:2023-02-01 17:37:08 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep 49152:Er/3LYMVX4DtcZtAdWqX1HUMKi3G1VxPcEuryzPWZuaNUjpj7EwvsQURQj:STYKi3KtVxrusPWoJDsfQj
Threatray 241 similar samples on MalwareBazaar
TLSH T167C5331607888A3CD9DD44BEBDBA6B04B4B59D4C4B97C75F9856F2121E00DC3B7EE20A
TrID 63.5% (.EXE) UPX compressed Win64 Executable (70117/5/12)
24.5% (.EXE) UPX compressed Win32 Executable (27066/9/6)
4.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.8% (.ICL) Windows Icons Library (generic) (2059/9)
1.8% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
162
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
7d44f54d4f68f800143be77969869690.exe
Verdict:
Malicious activity
Analysis date:
2023-02-01 16:22:33 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/56706703-e1ba-4ef8-83c1-0db7a2dc860b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/359160/
Detection(s):
SecuriteInfo.com.Trojan.GenericKDZ.95862.15794.3974.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
No Threat
Threat level:
  2/10
Confidence:
67%
Tags:
anti-debug packed
Link:
https://www.filescan.io/uploads/63da8cc289bd67c10fdc088b/reports/b438d586-12cf-4476-843b-6223dc16960d/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/65a8312a-b4f6-40e5-987e-716be3004fa4
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1163492
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 796257 Sample: erntg6Q82o.exe Startdate: 01/02/2023 Architecture: WINDOWS Score: 60 21 Antivirus / Scanner detection for submitted sample 2->21 23 Multi AV Scanner detection for submitted file 2->23 7 erntg6Q82o.exe 2->7         started        process3 dnsIp4 17 youtube-ui.l.google.com 172.217.168.78, 443, 49709 GOOGLEUS United States 7->17 19 www.youtube.com 7->19 25 Tries to harvest and steal browser information (history, passwords, etc) 7->25 11 cmd.exe 1 7->11         started        signatures5 process6 process7 13 conhost.exe 11->13         started        15 choice.exe 1 11->15         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/30045003134b57417c5cf80aeca219f1d62bf739ae1b65e71a4b814d0168e7f9/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-01-31 04:17:09 UTC
File Type:
PE+ (Exe)
AV detection:
21 of 39 (53.85%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gacfaaytjnluc7c47afoziqz6hlcx5zzvynwlzy2joau2ali474q._file
Verdict:
malicious
Similar samples:
0a691a5ed595c40c6dea8ea3fec94961fd8522e047a4d85bb6b8adf1152560cf
33f7724e95023ea96f6d12626916a193cd9bef1598947b43605bbe12257605a7
34f29268fedfda9ca88800918939637a7f313131c6e04aebb9052f531b694c23
447ecfab4fe85b150463ef96240ae2690eae0534684af88a61b3e9fee459cd9c
6511d09ada2bc11a95c06bd20abb66f450b9b2a6ed1f00c723401884ce7a2e61
6e3f1055521e01bd967f22fd68b48410342264b62cf7b7998a6686a2141d4d67
8116aab7428774d74e15738db29842052c5f1a7c6bb4259026f75872c500b022
99481f540a11c13b1e960815d8a0e7d26cac8953c98e4f2d3b76e0acb61c6fe0
e36b44fc7788dec930e5b1575172124bd2ab6dc5dd474a3779d6095b02745299
ec82a15de2f6770b776c5ca7ed7b6e0deca7a17fcd6658eb952193c6a2fe2784
+ 231 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware stealer upx
Link:
https://tria.ge/reports/230201-tf782scd9z/
Behaviour
Suspicious use of WriteProcessMemory
Reads user/profile data of web browsers
UPX packed file
Unpacked files
SH256 hash:
a5c8c6c543c94f7808e6ad71a6b4fbd57bf17108a19ebf51c1535b6d5ffc7c1a
MD5 hash:
052e5054e1abd0c40d785d414c15c2d7
SHA1 hash:
5430dff4d1d23e9107560c899d7c8735c0bb4589
Link:
https://www.unpac.me/results/b3dec754-b14d-46bb-b915-02d509e5a1aa/
SH256 hash:
30045003134b57417c5cf80aeca219f1d62bf739ae1b65e71a4b814d0168e7f9
MD5 hash:
7d44f54d4f68f800143be77969869690
SHA1 hash:
e7d153a0f44e05efeab78d757db56c669055302b
Link:
https://www.unpac.me/results/b3dec754-b14d-46bb-b915-02d509e5a1aa/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/30045003134b57417c5cf80aeca219f1d62bf739ae1b65e71a4b814d0168e7f9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 30045003134b57417c5cf80aeca219f1d62bf739ae1b65e71a4b814d0168e7f9

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2516964/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/359160/

Comments