MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4d7197c26f7e892d7a71fcd35b87955409a1be229d0363363bbcba41fc1260aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4d7197c26f7e892d7a71fcd35b87955409a1be229d0363363bbcba41fc1260aa
SHA3-384 hash: 9c5246ab0e39e7fedc39eb7f8c3e826f7b9dc1c291c2b3882a4158552e85bf78a082d79f304a77e8734de7475be3ebc0
SHA1 hash: 3e6059360f1ad250672924205d6a41471280925d
MD5 hash: 1ae3c7c9b6ccb563a9f36e7212633f64
humanhash: tennis-echo-zulu-hamper
File name:Setup_patched.exe
Download: download sample
File size:462'336 bytes
First seen:2023-03-04 22:44:13 UTC
Last seen:2023-03-04 22:54:36 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c9adc83b45e363b21cd6b11b5da0501f (82 x ArkeiStealer, 60 x RecordBreaker, 46 x RedLineStealer)
ssdeep 6144:vZABbWqsE/Ao+mv8Qv0LVmwq4FU0fNoy6:RANwRo+mv8QD4+0V16
Threatray 666 similar samples on MalwareBazaar
TLSH T113A42F42C2B20267F14796F2F4E384C74FA5BD4E159C0D16B8C23929C52B419B69BFEE
TrID 92.6% (.EXE) Win32 Executable Borland Delphi 7 (664796/42/58)
1.9% (.EXE) Win32 Executable Delphi generic (14182/79/4)
1.8% (.SCR) Windows screen saver (13097/50/3)
1.3% (.EXE) DOS Borland compiled Executable (generic) (10000/1/2)
0.6% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 332b59656d651bae (2 x Stealc, 1 x ArkeiStealer, 1 x NetWire)
Reporter atomiczsec
Tags:exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
221
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Setup_patched.exe
Verdict:
No threats detected
Analysis date:
2023-03-04 22:45:29 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/fd6662ce-fb01-4714-8277-37597479a44d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/371667/
Detection(s):
SecuriteInfo.com.PSW.Generic8.ISF.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a custom TCP request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
fingerprint greyware shell32.dll
Link:
https://www.filescan.io/uploads/6403c9f366e79c93ba0dce7c/reports/67797570-d318-4011-bf0d-de329e6865c9/overview
Verdict:
Malicious
Labled as:
Win/grayware_confidence_60%
Link:
https://www.hybrid-analysis.com/sample/4d7197c26f7e892d7a71fcd35b87955409a1be229d0363363bbcba41fc1260aa
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/cb3de006-ac26-45e6-a22d-909ce9a25bdd
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
n/a
Score:
21 / 100
Link:
https://www.joesandbox.com/analysis/1187228
Signature
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4d7197c26f7e892d7a71fcd35b87955409a1be229d0363363bbcba41fc1260aa/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jvyzpqtpp2es26tr7tjvxb4vkqe2dprctubwgnr3xs5ed7asmcva._file
Verdict:
unknown
Similar samples:
315c067e09291f265db5a15ebeb0c96df1334ff2a7cec2411ede7a940a0322b3
7ad2ecc56160b66356e7b1c0a237bbea3a687e100b3bd9a14c4b4a23bb095d05
7fd0c18e417e77f1b4019024738211632265864ea3acf9f985eea6c0c75ba3ba
821811011a73d5e48c99ea7b028f0eb6ec9e755d08b6cfe081a5d33ee045a1fc
9a62e6ee0e71139a8e68a6092c27deb32077a27980c767a44cd5138ffcdca837
9f6b69057e19a7fd08aab0b2df861a65337207dcfac2d6fbd0d1c0a2b75670e7
b503e95080871d70f3a758124d473ed31a4ede3d2e87d252d3bc878868274023
ba66c7a46a35c1b38aa76a199ae19a65674786771b153e0fadc62fcd28367396
f3d62ca6b2dfd77bd362dc1f4ec6e99bb43302e82583e6e8dce38df9ea1f6fe5
+ 656 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/230304-2pdpssfa98/
Unpacked files
SH256 hash:
4d7197c26f7e892d7a71fcd35b87955409a1be229d0363363bbcba41fc1260aa
MD5 hash:
1ae3c7c9b6ccb563a9f36e7212633f64
SHA1 hash:
3e6059360f1ad250672924205d6a41471280925d
Link:
https://www.unpac.me/results/134fca57-e698-4e8b-b8e4-33ca9a4b4e24/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/4d7197c26f7e892d7a71fcd35b87955409a1be229d0363363bbcba41fc1260aa

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:shellcode
Create hunting rule
Author:nex
Description:Matched shellcode byte patterns

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/371667/

Comments