MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 304587f5823f2c43f9452b47d3b3f1a3cb1d25218eaf62a5c5bcacc2a6af6fd3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	304587f5823f2c43f9452b47d3b3f1a3cb1d25218eaf62a5c5bcacc2a6af6fd3
SHA3-384 hash:	b33fad7c140bb7fe640b0949754b8d7d4293b7d9d8c41af123f19a7702cddab572a698adf99eb4f19c79d9c862c761f7
SHA1 hash:	82a3d0346d1b421013eb7da90949bbec5b0b2dce
MD5 hash:	6bd75388a7d8b8b856663769ea263c38
humanhash:	stream-twelve-don-ohio
File name:	start.exe
Download:	download sample
File size:	4'222'464 bytes
First seen:	2022-05-30 16:50:37 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep	98304:98/vg6mVQrYIEDpkI0bC0X/IvYMalFUJHpiH:9So9BIH2dYMWU1Q
Threatray	150 similar samples on MalwareBazaar
TLSH	T10B1633D4D8AC8303E6B5F73ACEC3B588DB10F4F154916F81CDB1AB87414B699246AB74
TrID	64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12) 25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6) 4.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.8% (.EXE) OS/2 Executable (generic) (2029/13) 1.8% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter	JaffaCakes118
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

319

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

start.exe

Verdict:

No threats detected

Analysis date:

2022-05-30 16:50:09 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/93ecb429-a561-4758-854b-13b2a78d496c

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/275535/

Detection(s):

SecuriteInfo.com.Trojan.MulDrop20.7111.19512.9775.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Using the Windows Management Instrumentation requests

Changing a file

Creating a file in the %AppData% subdirectories

Running batch commands

Launching a process

Enabling autorun by creating a file

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug packed trickbot wacatac

Link:

https://www.filescan.io/uploads/6294f5f83223462f89ec001d/reports/657001aa-d13b-49eb-928a-d75923a5766f/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/a40903f5-94af-4de4-b511-52d255ecdf78

Result

Threat name:

Unknown

Detection:

malicious

Classification:

spyw.evad

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/1003789

Signature

Multi AV Scanner detection for submitted file

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal browser information (history, passwords, etc)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/304587f5823f2c43f9452b47d3b3f1a3cb1d25218eaf62a5c5bcacc2a6af6fd3/

Threat name:

Win64.Trojan.TrickBot

Status:

Malicious

First seen:

2022-05-29 10:15:27 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

23 of 41 (56.10%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=gbcyp5mch4weh6kffnd5hm7rupfr2jjbr2xwfjofxswmfjvpn7jq._file

Verdict:

malicious

84858e95dcf7fe3cb43f819f8b496ecc1b44e6f4ea938fb00b0b5c117e9b4075

b3bed1dd25d3031b2d951cab09c87524e022c3cae334e627e26b68e7fb7b9770

c1eae8655ba2f8afc1fdba12f836ad4ba4d26057109b8f70519aba2b88c9b92b

c3e1e5ecdab6126e17bf88fbfee1cd7141d0cbf8f80d939632b479448aec681a

cfbac2647ebe2341242d1c6375d766e4490c9d16fdbf100301e9e8102aeba62c

d0733e6d63cc945305a0cd7aa12b86b75d0c6840f7d9ec853aca379c18c22528

e2f406a64288fc869e73312835ddeaab6b70ceb8d02661eff96a7a98dc5f261a

e381d2ff39b4396f61397eb75ab10ba5002c3ae50c4062aee82d7ea444e59917

e69716b0ea13b412bf6e3ac4f9a0bca987d99788f9d20cedd8fcacee0a7c3f38

+ 140 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

spyware stealer upx

Link:

https://tria.ge/reports/220530-vcsvmacda5/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Reads user/profile data of web browsers

UPX packed file

Unpacked files

SH256 hash:

5fd3319ef614a6a2fde58f912ddf1ca0f1e4dcf31e1de0acdbcd30e0f879bc48

MD5 hash:

c263fb916949bb5201d5a87a9ca7591f

SHA1 hash:

8120f167c18a1a7a8986c5766ead3463ce7454c1

Link:

https://www.unpac.me/results/058f35f7-54cb-4d01-9f60-d7b326c3b82c/

SH256 hash:

304587f5823f2c43f9452b47d3b3f1a3cb1d25218eaf62a5c5bcacc2a6af6fd3

MD5 hash:

6bd75388a7d8b8b856663769ea263c38

SHA1 hash:

82a3d0346d1b421013eb7da90949bbec5b0b2dce

Link:

https://www.unpac.me/results/058f35f7-54cb-4d01-9f60-d7b326c3b82c/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/304587f5823f2c43f9452b47d3b3f1a3cb1d25218eaf62a5c5bcacc2a6af6fd3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 304587f5823f2c43f9452b47d3b3f1a3cb1d25218eaf62a5c5bcacc2a6af6fd3

(this sample)

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/275535/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample