MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 434a55ad813b1a6b02c52f969ad2101dffb037871b160ee82090383a9961ac07. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 12

Intelligence 12 IOCs YARA File information Comments

SHA256 hash:	434a55ad813b1a6b02c52f969ad2101dffb037871b160ee82090383a9961ac07
SHA3-384 hash:	2c4e26c44afd257c7357d2ef04aa087fc31d134608414f91fb8224bfb14483dd60609b0f5c5b450c414f321a2594cc06
SHA1 hash:	562be0fd7bde3664d78fceb5e8eadcbe0d79ff6f
MD5 hash:	0d0feabd5380197e53851ccbba9865f3
humanhash:	edward-eight-berlin-triple
File name:	file
Download:	download sample
File size:	1'081'344 bytes
First seen:	2023-02-12 16:21:54 UTC
Last seen:	2023-02-12 18:35:52 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	482f298d05f21a8742e0277338b51a7f
ssdeep	6144:xsvgcQ1AJ1ohTEIKMit1yxN/lTfQT8iAhvyQAOPtzfiLPF0flbv1NeGYToV7Kw:ggX1AJ6tEIKMu1yxN/GT5QpwJ0Mc7P
TLSH	T1D235D001B5D1C472D5B325320DE4D7B99B3EB9204A619EBF67E80FBF4F30281D621A66
TrID	47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 15.9% (.EXE) Win64 Executable (generic) (10523/12/4) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter	andretavare5
Tags:	exe

andretavare5

Sample downloaded from https://vk.com/doc10773776_659353211?hash=6HcMbxOjo3rVIFElizVgM1mpYBbbcJDGPVU6RNmigiL&dl=GEYDONZTG43TM:1676217570:W1ZzKxYb90PKfdStGDJtQuBkUtINZc6EODdyzdIoBH0&api=1&no_preview=1#crv1

Intelligence

File Origin

# of uploads :

# of downloads :

183

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

file

Verdict:

Suspicious activity

Analysis date:

2023-02-12 16:24:52 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/40786002-5705-403a-bafc-596159a320f3

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/364507/

Detection(s):

SecuriteInfo.com.Variant.Lazy.296718.29729.20873.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Launching a process

Searching for synchronization primitives

Launching the default Windows debugger (dwwin.exe)

Searching for the window

Sending a custom TCP request

Forced shutdown of a system process

Unauthorized injection to a system process

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/63e9122d91b0e663e8f5b884/reports/a584d1eb-cac2-4f75-93a5-a37787ff3a65/overview

Verdict:

Malicious

Labled as:

Win/grayware_confidence_60%

Link:

https://www.hybrid-analysis.com/sample/434a55ad813b1a6b02c52f969ad2101dffb037871b160ee82090383a9961ac07

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

LummaC2 Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/72417490-adf9-4bff-9b6b-e800d67e8ab5

Result

Threat name:

Unknown

Detection:

malicious

Classification:

spyw.evad.troj

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/1172665

Signature

Allocates memory in foreign processes

Found many strings related to Crypto-Wallets (likely being stolen)

Injects a PE file into a foreign processes

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Tries to harvest and steal browser information (history, passwords, etc)

Uses known network protocols on non-standard ports

Writes to foreign memory regions

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/434a55ad813b1a6b02c52f969ad2101dffb037871b160ee82090383a9961ac07/

Threat name:

Win32.Trojan.Privateloader

Status:

Malicious

First seen:

2023-02-12 16:22:09 UTC

File Type:

PE (Exe)

AV detection:

16 of 26 (61.54%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=inffllmbhmngwawff6ljvuqqdx73an4hdmla52basa4dvglbvqdq._file

Verdict:

malicious

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/230212-tt9c9sfa99/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Unpacked files

SH256 hash:

434a55ad813b1a6b02c52f969ad2101dffb037871b160ee82090383a9961ac07

MD5 hash:

0d0feabd5380197e53851ccbba9865f3

SHA1 hash:

562be0fd7bde3664d78fceb5e8eadcbe0d79ff6f

Link:

https://www.unpac.me/results/39eb7d8d-a536-48a2-9d14-70b91f1a64bf/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/434a55ad813b/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/434a55ad813b1a6b02c52f969ad2101dffb037871b160ee82090383a9961ac07

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by

PrivateLoader

Delivery method

Distributed via drive-by

Cape

https://www.capesandbox.com/analysis/364507/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample