MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5120dc50e93728e5673521f892562803fe8f3d210ddf81f68c071ddeb759eb22. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown
Vendor detections: 5

SHA256 hash: 5120dc50e93728e5673521f892562803fe8f3d210ddf81f68c071ddeb759eb22
SHA3-384 hash: 0fd06ca45854a46f330e44be66cde8219f4537294ff82ee990868371600d2bfcd886b2c7f121fff3df60e8302d6f6cc7
SHA1 hash: 1216781dcc03d5b1d14f66889e3f5853e0407703
MD5 hash: ddb42fa130ff41687c52f9394a37e5d7
humanhash: video-indigo-six-kansas
File name: sheat-cs-go_681819149.exe
File size: 4'036'829 bytes
First seen: 2021-10-09 20:44:29 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 483f0c4259a9148c34961abbda6146c1 (17 x ValleyRAT, 8 x AsyncRAT, 7 x QuasarRAT)
ssdeep: 98304:8IFg5tHSYnkmdt+El/AH/oIur8e0/cjkb9YytxhWfC3MNjsl0uTll:/GXHSYnkSt+Ms/mxxjkbBWfCcNktll
Threatray: 30 similar samples on MalwareBazaar
TLSH: T107163303B7D30C76E6A80A7CDC129048FF57BD9818F924631FF8E64D29B46C59C7A6A1
dhash icon: b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer)
Reporter: Anonymous
Tags: CryptBot exe RedLineStealer

Intelligence

File Origin
# of uploads: 1
# of downloads: 251
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: sheat-cs-go_681819149.exe
Verdict: Suspicious activity
Analysis date: 2021-10-09 20:45:23 UTC
Tags: installer

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.
Result
Verdict: Clean
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: overlay packed

Threat name: Win32.Trojan.Tnega
Status: Malicious
First seen: 2021-10-09 20:45:07 UTC
AV detection: 13 of 28 (46.43%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: discovery

Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Checks installed software on the system
Loads dropped DLL
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments