MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4200ae1f7366584cd6e5e7d1d85d37e8d5b6bd6fcd1b1705ede0a0b31303f452. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4200ae1f7366584cd6e5e7d1d85d37e8d5b6bd6fcd1b1705ede0a0b31303f452
SHA3-384 hash: 1501e694c2c3f471dbaef24707f0a726bddcaf5618528c649c48c4d6a61d1f4ee7975d9618ff782d0428325b2d1c850e
SHA1 hash: c2f69eb02330e8f3de96ae36c39c58966e218090
MD5 hash: 45143df507c4bfb3301e3addc029b93b
humanhash: west-hotel-lake-oscar
File name:45143df507c4bfb3301e3addc029b93b.exe
Download: download sample
File size:563'848 bytes
First seen:2023-06-30 07:51:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ae3313a7e55f2835265780c2d394ac1d (2 x RedLineStealer, 1 x Amadey, 1 x AveMariaRAT)
ssdeep 12288:7u9vfF7AR6tnIu2k1JiMVubH75+vPlyqtcHohUHA:Ml7QSnb1i2ub0VyNHZHA
Threatray 64 similar samples on MalwareBazaar
TLSH T17EC4F11339EC83E4C2FDF433815EF8158E36E7B11E72698B63E4A15E1A706419932BD6
TrID 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
276
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
45143df507c4bfb3301e3addc029b93b.exe
Verdict:
No threats detected
Analysis date:
2023-06-30 07:57:28 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/1dbd7f09-2410-4bc2-a46e-0770dac41a6e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/403993/
Detection(s):
Win.Malware.Pwsx-10005218-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/94235/overview
Behaviour
MalwareBazaar
MeasuringTime
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware overlay packed
Link:
https://www.filescan.io/uploads/649e89a32299d26882637a7b/reports/d6e36add-2bb6-4d2d-94b1-5bfcedc4f5d7/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/4200ae1f7366584cd6e5e7d1d85d37e8d5b6bd6fcd1b1705ede0a0b31303f452
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/dbbbe04e-9686-4aee-80ed-21b6948e911a
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1263714
Signature
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4200ae1f7366584cd6e5e7d1d85d37e8d5b6bd6fcd1b1705ede0a0b31303f452/
Threat name:
Win32.Trojan.RedLine
Create hunting rule
Status:
Malicious
First seen:
2023-06-30 00:32:09 UTC
File Type:
PE (Exe)
AV detection:
20 of 37 (54.05%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=iiak4h3tmzmezvxf47i5qxjx5dk3nplpzunrobpn4cqlgeyd6rja._file
Verdict:
unknown
Similar samples:
03a0d43bdbc0828e29918b46eb891e9622a710a430b48243afb2ccd87b7a6295
0607901ab40d19311dd4db0ef9200597bb5523be82ac72c1ce0a6cef7484dd5a
19e8083ff0290480e03d8907de6652320ec08f22ab1439ba65bebcca2c3daa19
21fad8616890cf4f837256c1f08a7253eb2c635eda856b4bf0bdcf757fe11df8
4eefe15812a6806769912c731f734edab166fbfa94b9734551ce04e47dac5acf
59a894ea657c52488e4d0b1b5a67988ca4057e9be7babe3e2d67a85e8267a3ca
63ffebbe4a88dfcc781e6d38de5cbffc7fc8f938f9f230352f4f31a6c6eee1c4
7e014c48883a5e5d1b2ec8ed24fc04fb7c1f15406ebc80ba5acea7ab263ecff3
86f5b4f32c68f9337a19363da77d77b6275923da37d2e4144b8f0740620fd3ac
+ 54 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/230630-jqedlshe2v/
Unpacked files
SH256 hash:
4200ae1f7366584cd6e5e7d1d85d37e8d5b6bd6fcd1b1705ede0a0b31303f452
MD5 hash:
45143df507c4bfb3301e3addc029b93b
SHA1 hash:
c2f69eb02330e8f3de96ae36c39c58966e218090
Link:
https://www.unpac.me/results/333bffc4-3b24-498e-a317-8eed6f2f50ab/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:cobalt_strike_tmp01925d3f
Create hunting rule
Author:The DFIR Report
Description:files - file ~tmp01925d3f.exe
Reference:https://thedfirreport.com
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 4200ae1f7366584cd6e5e7d1d85d37e8d5b6bd6fcd1b1705ede0a0b31303f452

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2672229/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/403993/

Comments