MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4376e6eeef6205e0d214d42b30bb504489d582b966f9d1cab956b837c293882e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 10

SHA256 hash: 4376e6eeef6205e0d214d42b30bb504489d582b966f9d1cab956b837c293882e
SHA3-384 hash: 0e7ac4821ce1f412098c3ad0451f23013e5b71cd70f7cd06d1f1e2c38b17a047292e91360baaeb9cadc40e28e5cbe039
SHA1 hash: bfa4c5f44f025cd3fe0dc2a72e5bfec4ff797ca1
MD5 hash: 32b29fa0eb1e8c481d0c8938bbd6584b
humanhash: golf-oranges-twenty-nebraska
File name: 32b29fa0eb1e8c481d0c8938bbd6584b.exe
File size: 6'923'636 bytes
First seen: 2023-01-16 16:33:29 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 9165ea3e914e03bda3346f13edbd6ccd (3 x ValleyRAT, 2 x QuasarRAT, 1 x Redosdru)
ssdeep: 98304:+TkU62GSCmu6RvLVUcwFMkFxWMkFxsMkFxJMkFxpMkFxPMkFxQMkFxiceW8SDMpQ:wyzKZUcWfvpqoc82sZ4Ssx
Threatray: 3 similar samples on MalwareBazaar
TLSH: T18C66D013F201C475C13D1DB161B693396E75B7B60D288E9BF3D4CEB9AD235328AA260D
TrID:
  32.6% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  17.2% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  13.7% (.SCR) Windows screen saver (13097/50/3)
  11.0% (.EXE) Win64 Executable (generic) (10523/12/4)
  6.8% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
dhash icon: 69ccebaaaab2cc69
Reporter: abuse_ch
Tags: exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 247
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 32b29fa0eb1e8c481d0c8938bbd6584b.exe
Verdict: No threats detected
Analysis date: 2023-01-16 16:38:52 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.

Result
Verdict: Malware
Behaviour:
  Creating a window
  Sending a custom TCP request

Result
Malware family: n/a
Score: 5/10
Tags: n/a

Behaviour
MalwareBazaar CheckCmdLine
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-vm flystudio greyware overlay packed shell32.dll update.exe

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 68 / 100
Signature:
  Antivirus detection for URL or domain
  Machine Learning detection for sample
  Multi AV Scanner detection for domain / URL
  Multi AV Scanner detection for submitted file

Threat name: Win32.PUA.Caypnamer
Status: Malicious
First seen: 2023-01-16 16:03:33 UTC
File Type: PE (Exe)
Extracted files: 101
AV detection: 23 of 38 (60.53%)
Threat level: 1/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Unpacked files
SHA256 hash: c0d385eb107963f367c9c20c8aa3eb94028a53069bdc573fedcab32fd42f7717
MD5 hash: c344ea006b2e839af1f186d483aaa038
SHA1 hash: 7fb2701e9e11ba613a94d9190c833be1af94488d

SHA256 hash: 4376e6eeef6205e0d214d42b30bb504489d582b966f9d1cab956b837c293882e
MD5 hash: 32b29fa0eb1e8c481d0c8938bbd6584b
SHA1 hash: bfa4c5f44f025cd3fe0dc2a72e5bfec4ff797ca1
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: without_attachments
Author: Antonio Sanchez <asanchez@hispasec.com>
Description: Rule to detect the absence of any attachment
Reference: http://laboratorio.blogs.hispasec.com/

Rule name: with_urls
Author: Antonio Sanchez <asanchez@hispasec.com>
Description: Rule to detect the presence of one or several URLs
Reference: http://laboratorio.blogs.hispasec.com/

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Executable exe 4376e6eeef6205e0d214d42b30bb504489d582b966f9d1cab956b837c293882e (this sample)

Delivery method: Distributed via web download