MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 37c70b0afb4a0287138c59d169478d09cf216e53b0f4c5e34e83ae2537d731d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 37c70b0afb4a0287138c59d169478d09cf216e53b0f4c5e34e83ae2537d731d3
SHA3-384 hash: a7418be708a30cf13f0ba3ae8029c0463dc2cbf1c96124c32fe76d6c33ef0b109e8d288740fde774534a70e21f16c4e1
SHA1 hash: d514c928d48aebf98433814b2230e1192a643102
MD5 hash: 7ce07d94af910e6ffd34fa72ae3060a4
humanhash: sierra-rugby-pluto-fillet
File name:7ce07d94af910e6ffd34fa72ae3060a4.exe
Download: download sample
File size:1'702'400 bytes
First seen:2022-01-17 06:41:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 23e911f9a82ac0d345fa6cc9104b6bf4
ssdeep 24576:nui93Vkg97e2KjCcGIG4W6VifDWIkJ7iJtxNhtNNefd0OIG3RQlyrLxoA8ZPo+Zn:dlJe9G3D6JYxpNNEd0OIcRfn0Po+Z1I
Threatray 765 similar samples on MalwareBazaar
TLSH T1B975BE1AA3A842F8D0ABD178C946964BE7F27C461230D79F16E45E5E1F77BB01E2E310
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
144
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
7ce07d94af910e6ffd34fa72ae3060a4.exe
Verdict:
No threats detected
Analysis date:
2022-01-17 06:51:31 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/f29ebb40-f3a6-4500-a5c9-b10690d9bced

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/219714/
Detection(s):
PUA.Win.Packer.Upx-4
Create hunting rule

Win.Malware.Spyagent-9830839-0
Create hunting rule

Win.Dropper.Pswtool-9857488-0
Create hunting rule

Win.Packed.Jaik-9862233-0
Create hunting rule

Win.Trojan.Jaik-9869659-0
Create hunting rule

Win.Trojan.Jaik-9873403-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
DNS request
Sending an HTTP GET request
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a process with a hidden window
Reading critical registry keys
Sending a custom TCP request
Stealing user critical data
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/4418/overview
Behaviour
MalwareBazaar
MeasuringTime
CheckCmdLine
EvasionQueryPerformanceCounter
GetTempPath
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
fingerprint greyware packed print.exe
Link:
https://www.filescan.io/uploads/61e50fc3f81da814af883564/reports/c2f76ddc-ad90-4e00-80a3-6a831d2e7f7e/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/8939addf-9da7-46e1-aa75-c9bf5e0f0f69
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.spyw
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/921561
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for dropped file
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected WebBrowserPassView password recovery tool
Yara Genericmalware
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/37c70b0afb4a0287138c59d169478d09cf216e53b0f4c5e34e83ae2537d731d3/
Threat name:
Win64.Hacktool.NirSoftPT
Create hunting rule
Status:
Malicious
First seen:
2022-01-17 03:30:18 UTC
File Type:
PE+ (Exe)
Extracted files:
75
AV detection:
24 of 28 (85.71%)
Threat level:
  1/5
Verdict:
malicious
Similar samples:
03430361a6d2fe6c89d6b237ca9b887cc6269187b305afc9ef3d8642533698c4
0ca57f85e88001edd67dff84428375de282f0f92e5bef2daed1c03ad2fa7612e
10eb78f5a36f8ca290bf100f6f05d7a04489cef0023e86860062d6d03e6fa9ed
2988763ce776fb8a9c79a2565384a30744cccd114cde7ee49b71965396f41bc7
48267b826fa7ec0cea8be878f979a967d0a091cccea9f226ad8d87b29dc94800
55560b608e7a7515329d395c72dc9cebc5cdd7b4c0f153d6e02eb74c2a609feb
6e52d162baf265e070ec1a3147ad651d8bd8481d96b33cee1b89d84e9c92c5f3
+ 755 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware stealer upx
Link:
https://tria.ge/reports/220117-hgcmzshbaq/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Looks up external IP address via web service
Reads user/profile data of web browsers
Executes dropped EXE
UPX packed file
Unpacked files
SH256 hash:
37c70b0afb4a0287138c59d169478d09cf216e53b0f4c5e34e83ae2537d731d3
MD5 hash:
7ce07d94af910e6ffd34fa72ae3060a4
SHA1 hash:
d514c928d48aebf98433814b2230e1192a643102
Link:
https://www.unpac.me/results/bf194b56-12b8-4520-985f-4d7aeb59cea0/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/37c70b0afb4a0287138c59d169478d09cf216e53b0f4c5e34e83ae2537d731d3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/219714/

Comments