MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 377e1d877dff96cc006241c8cb7e38e25eb25ceae12c4b7a51bdc0ca56910237. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: 377e1d877dff96cc006241c8cb7e38e25eb25ceae12c4b7a51bdc0ca56910237
SHA3-384 hash: 3085e0bb805e29e7792da703fa346129ac24876f8f264180ff1eefbbbffcdf79ec256dd43ad23f370bb778c3345d7263
SHA1 hash: f2df57e6f1d271dc3e41d8762c2f34b62b933ffe
MD5 hash: 2706cb24ae7e523580044a8bb4448d73
humanhash: asparagus-mars-oranges-berlin
File name: 2706cb24ae7e523580044a8bb4448d73.exe
File size: 4'540'416 bytes
First seen: 2022-03-03 08:57:38 UTC
Last seen: 2022-03-22 05:17:16 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7dc28ef949f54ad98c715895ecc34cff (79 x RedLineStealer, 2 x Formbook)
ssdeep: 98304:L51p+nQu2l7qNYzhNnby7oaUJYjRG3QKZyyO8lRU1ZEchX1Tr:rknQugqmDG7TUJ+k3O9eI1r
Threatray: 1'494 similar samples on MalwareBazaar
TLSH: T1302633657760EE06CA5EEB7C12CA9F16830FED20A243BC5749E9F571B1848DE38912D3
Reporter: abuse_ch
Tags: exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 171
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 72 / 100
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file has nameless sections
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Threat name: Win32.Infostealer.Convagent
Status: Malicious
First seen: 2022-03-03 08:58:14 UTC
File Type: PE (Exe)
AV detection: 23 of 42 (54.76%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Checks processor information in registry
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SHA256 hash:
538781bf44b6b8ce9a7fe9eebdc6852801c5f55f4b4273e5380b0f249e42d0f8
MD5 hash:
04a50001ee8e97a5b5085ba6a7ed9420
SHA1 hash:
07a35042dc4747f6c625d0a57aca9905484a1ae0
SHA256 hash:
377e1d877dff96cc006241c8cb7e38e25eb25ceae12c4b7a51bdc0ca56910237
MD5 hash:
2706cb24ae7e523580044a8bb4448d73
SHA1 hash:
f2df57e6f1d271dc3e41d8762c2f34b62b933ffe
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 377e1d877dff96cc006241c8cb7e38e25eb25ceae12c4b7a51bdc0ca56910237

(this sample)

Delivery method: Distributed via web download

Comments