MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c245e6f199b0d579015fc5bc4322710133ef58d61f3df034d862085aecb3a14. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 4

SHA256 hash: 3c245e6f199b0d579015fc5bc4322710133ef58d61f3df034d862085aecb3a14
SHA3-384 hash: 46e8bcd80bb8a7b0c0c84495b66dcf40f56d764cfde4e3b36a0f3342e30a3eed9165538bcc5b9b2d6bfdf955439f4eed
SHA1 hash: bee424ddc7ce146e5ab037e59a6b63b2a1151cbd
MD5 hash: e19dec9b517a349d0ec6e5a2c3422d8e
humanhash: washington-twenty-bulldog-charlie
File name: Pedido100293.exe
File size: 334'072 bytes
First seen: 2021-07-01 14:52:37 UTC
Last seen: 2021-07-13 13:29:23 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 05d3dce2be32df01ca249872dd2cc117 (1 x GuLoader, 1 x HijackLoader)
ssdeep: 6144:naVWdyzOxeA1DfdwX3MmIO9G+RXoq3aNq+dL8LJ3QvWiC7JWxfmIa6JUrUkc:nMROxdDfOnMmX9G+RXowaNq+F8L5Qeih
Threatray: 4 similar samples on MalwareBazaar
TLSH: E06412F61B9E98DFCCD2A375D86C87238F04AF2A0580CE76E83178553F1B5EB6945218
Reporter: Anonymous
Tags: exe signed

Code Signing Certificate

Organisation: Mozilla Corporation
Issuer: DigiCert SHA2 Assured ID Code Signing CA
Algorithm: sha256WithRSAEncryption
Valid from: 2020-05-07T00:00:00Z
Valid to: 2021-05-12T12:00:00Z
Serial number: 0ddeb53f957337fbeaf98c4a615b149d
Intelligence: 4 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint algorithm: SHA256
Thumbprint: 1dd436f9e9a33ccbf19a785fbdccf512f36c753bbb9cf3787b4200162a6bdfe4
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 2
# of downloads: 115
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: Cupón2600306.zip
Verdict: Suspicious activity
Analysis date: 2021-05-21 11:44:57 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: suspicious
Classification: spyw
Score: 21 / 100
Signature: Tries to harvest and steal browser information (history, passwords, etc)
Result
Malware family: n/a
Score: 8/10
Tags: discovery evasion spyware stealer trojan upx
Behaviour:
Checks processor information in registry
Modifies Internet Explorer settings
Modifies registry class
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Program Files directory
Checks installed software on the system
Checks whether UAC is enabled
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
Downloads MZ/PE file
Executes dropped EXE
UPX packed file
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: INDICATOR_KB_CERT_0ddeb53f957337fbeaf98c4a615b149d
Author: ditekSHen
Description: Detects executables signed with stolen, revoked or invalid certificates

Rule name: suspicious_packer_section
Author: @j0sm1
Description: The packer/protector section names/keywords
Reference: http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via e-mail link

Comments