MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4129b0100834fa75370b397f7f76ade3ba0f4935288701a1e217d065335334de. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4129b0100834fa75370b397f7f76ade3ba0f4935288701a1e217d065335334de
SHA3-384 hash: 3f66ebc2b33b63cd6983c8ef244c8fce9562ae8ffdc2922a5c527cbf09d5a94b83685fabd8209e15979783b6db2935a5
SHA1 hash: f0d77ef0f48bd0e9e386ed15716771f3e1eefb4a
MD5 hash: 3a691cccef5f5ebaea490e965bd8d92a
humanhash: lithium-eleven-single-skylark
File name:3a691cccef5f5ebaea490e965bd8d92a
Download: download sample
File size:412'160 bytes
First seen:2022-12-26 12:43:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8941f259e9c8635cfddb95743df6c7e3 (2 x RedLineStealer, 1 x PandaStealer)
ssdeep 6144:mHNZ37xo0++Wa/Jcupbq4C4a/Nn0AOEwoCop55lMeF/Stam:mHf7xo0++Wa/J5OwPob5loEm
TLSH T11B944934254B8336D562113108EDB964EAF8A71F0B1D18E7E3900EAE8A2FFD155BD61F
TrID 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
207
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.StealerNET.125.24827.7553.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware overlay
Link:
https://www.filescan.io/uploads/63a997130e926711fd74b6ab/reports/13b01bb8-855f-485b-877c-ba6d4d09eb67/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Conti
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a2711fa3-7ad7-4f40-b34f-d3996f18d076
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1141119
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4129b0100834fa75370b397f7f76ade3ba0f4935288701a1e217d065335334de/
Threat name:
Win32.Trojan.RedLine
Create hunting rule
Status:
Malicious
First seen:
2022-12-26 12:44:07 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
16 of 26 (61.54%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ieu3aeaigt5hknylhf7x65vn4o5a6sjvfcdqdipcc7igkm2tgtpa._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/221226-pygftsch93/
Unpacked files
SH256 hash:
4129b0100834fa75370b397f7f76ade3ba0f4935288701a1e217d065335334de
MD5 hash:
3a691cccef5f5ebaea490e965bd8d92a
SHA1 hash:
f0d77ef0f48bd0e9e386ed15716771f3e1eefb4a
Link:
https://www.unpac.me/results/5d6b7334-50ff-4db3-81e5-d3ddeb28c6f2/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4129b0100834fa75370b397f7f76ade3ba0f4935288701a1e217d065335334de

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:cobalt_strike_tmp01925d3f
Create hunting rule
Author:The DFIR Report
Description:files - file ~tmp01925d3f.exe
Reference:https://thedfirreport.com

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 4129b0100834fa75370b397f7f76ade3ba0f4935288701a1e217d065335334de

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2487101/

Comments


Avatar
zbet commented on 2022-12-26 12:44:00 UTC

url : hxxps://cornstarchsa.co.za/2.exe