MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4d59e857c6923b6ead19109dbf591bbe93f3407153c992ad35fc6ed8969a34c3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4d59e857c6923b6ead19109dbf591bbe93f3407153c992ad35fc6ed8969a34c3
SHA3-384 hash: 4f6b099e93453b93d693fee6e0ba3a25c46566fdf869e3a1be86d6310bad5c405ef13ac338440e3867fd7ad75c025e04
SHA1 hash: 69e432ffc2e577a45d6c3f94d4b1c773d5055475
MD5 hash: 963aa12c1d0427cb154d519f21358ab4
humanhash: oxygen-lion-white-mars
File name:build.exe
Download: download sample
File size:214'470 bytes
First seen:2021-07-20 09:50:41 UTC
Last seen:2021-07-20 10:41:26 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 93090825f4d50b06b8a9fd72cf3ffbfb
ssdeep 6144:DxmHNY8NGV0G9jjcExRQmu7OvRAOIW3eq0:D4HNY8cV0Ujtu7OvRkq0
Threatray 4 similar samples on MalwareBazaar
TLSH T189247C5078E2C472D571153548F8EBB58A3EBD610F658AFB77D40B3E4E302C29A31A7A
Reporter JAMESWT_WT
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
PayClient.exe
Verdict:
Malicious activity
Analysis date:
2021-07-02 17:23:59 UTC
Tags:
teamviewer tvrat rat trojan loader redline
Link:
https://app.any.run/tasks/4d23d5ce-4af3-40c3-b357-cfe8347f70ea

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/172762/
Detection(s):
SecuriteInfo.com.Trojan.Siggen13.27150.9051.11486.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/98366377-b1dc-4d85-a681-7dd00dec6919
Result
Threat name:
Unknown
Detection:
malicious
Classification:
adwa
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/818807
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Drops PE files to the startup folder
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4d59e857c6923b6ead19109dbf591bbe93f3407153c992ad35fc6ed8969a34c3/
Threat name:
Win32.Trojan.Glupteba
Create hunting rule
Status:
Malicious
First seen:
2021-05-10 21:39:17 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
1301c8f8790bb1d686a95f39d699b59e9816fae2af64a6d9c75170fc4c75d537
17d54f646d676b09788537f84fc3bfc8699d78a6b11b98db1097de2e625aa70b
80227896b81e39620f95acf0da9b41f8d555719fbe1cce0b5e341e7a0a307b0d
b1e6a236f66273f314961b8b6731fe76df76d0a900b3561dcf85447ef73041d4
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210720-r2yf4rd13a/
Behaviour
Suspicious use of WriteProcessMemory
Drops startup file
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
4d59e857c6923b6ead19109dbf591bbe93f3407153c992ad35fc6ed8969a34c3
MD5 hash:
963aa12c1d0427cb154d519f21358ab4
SHA1 hash:
69e432ffc2e577a45d6c3f94d4b1c773d5055475
Link:
https://www.unpac.me/results/3c3602f8-f864-4a2a-9798-ca3f900e854b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4d59e857c6923b6ead19109dbf591bbe93f3407153c992ad35fc6ed8969a34c3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 4d59e857c6923b6ead19109dbf591bbe93f3407153c992ad35fc6ed8969a34c3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1468186/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/172762/
  
URLhaus
https://urlhaus.abuse.ch/url/1468207/

Comments