MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5490aca659dc4eebce7050589715a79b63656e3214b75285a8fbc453f8471f55. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5490aca659dc4eebce7050589715a79b63656e3214b75285a8fbc453f8471f55
SHA3-384 hash: c6c7df45986df48fd5999c396baf85de2fa5993825a933a8f034838ac5275fd958646e50200b9a1969040a16475c38c2
SHA1 hash: 34003387e68eacc1031c499ca8f63521970a82bc
MD5 hash: eae023cdb898b7bcd8d943862d447ff8
humanhash: video-arizona-cup-delaware
File name:file
Download: download sample
File size:2'610'176 bytes
First seen:2022-11-28 19:53:08 UTC
Last seen:2023-08-26 21:45:37 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 87ae157be6a4594704f8a968fd8b9ec0 (2 x RedLineStealer)
ssdeep 49152:5su8tY7+FOPosvXGJcIwNH7YeeSe0yvqCsLGYuh/VDIQl290Uj05PiM4U:5t/KFOPbv20JMed7isihJ55B4U
Threatray 28 similar samples on MalwareBazaar
TLSH T112C5020DC93149A6CB991438A9C254D6BCF546F3FCB0DC4C7D2E9FBB2E99422B126349
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter jstrosch
Tags:exe

Intelligence

File Origin
# of uploads :
4
# of downloads :
200
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
Suspicious activity
Analysis date:
2022-11-28 19:55:40 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/201ddcf3-615f-4a0b-b076-692db563badf

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/339537/
Detection(s):
SecuriteInfo.com.Win32.PWSX-gen.21606.13185.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Launching a process
Searching for synchronization primitives
Сreating synchronization primitives
Changing a file
Launching the default Windows debugger (dwwin.exe)
Unauthorized injection to a system process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/638511db5be128ac718f5d63/reports/005efaf7-266a-4901-91b3-8e652ec8fb26/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/777838e5-c1bd-4342-a42c-183695c76a2f
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1122850
Signature
Allocates memory in foreign processes
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5490aca659dc4eebce7050589715a79b63656e3214b75285a8fbc453f8471f55/
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2022-11-28 18:34:36 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
8 of 26 (30.77%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ksikzjsz3rhoxttqkbmjofnhtnrwk3rscs3vfbni7pcfh6chd5kq._file
Verdict:
malicious
Similar samples:
02d7d291ffc7de130f2ee245dfa551fdddbe6121960ccaad16cc484b7b28aa61
4163a4f3bdd0b1af108c7136083419062ff2ce55e6060402be43ffbe4c3f513c
8e1e08c92f3a7abd76de079490335c47cbaedfc3f7895d9e03305ff45cef2eb0
91941257171d17fb42004df11a03220a3282074754dd133d163476fa8872efe8
93c37274d14ecdf415aaeed8516bcb3486b68173a97525d4936f94685011e870
a6ffd97ca5d47f2251a53ccd3ab891a9fec5b7d0f316b4c11e7d88f19765b1b4
d53858652b5a1d5c9b30f70f85db725b10494564bf08136cd8afdc7f7788f2bc
fdc92784b4410c6bd69f9985c3849baaefe9eae5e57a12f343eff37b1472d94d
+ 18 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/221128-ymhzysge4x/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Uses the VBS compiler for execution
Unpacked files
SH256 hash:
d7ca61ce7aca6bd163d86c12ee86cc80927163eee4a98f7de8f5efaabc1c8e3d
MD5 hash:
9283178f16a7fd02213f1c6a74d60410
SHA1 hash:
74acee2ba564bef33b881cbc1e9024dce50c909e
Link:
https://www.unpac.me/results/431b57f0-ff9d-4855-821f-cb8c01ad61b4/
SH256 hash:
5490aca659dc4eebce7050589715a79b63656e3214b75285a8fbc453f8471f55
MD5 hash:
eae023cdb898b7bcd8d943862d447ff8
SHA1 hash:
34003387e68eacc1031c499ca8f63521970a82bc
Link:
https://www.unpac.me/results/431b57f0-ff9d-4855-821f-cb8c01ad61b4/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/5490aca659dc/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5490aca659dc4eebce7050589715a79b63656e3214b75285a8fbc453f8471f55

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 5490aca659dc4eebce7050589715a79b63656e3214b75285a8fbc453f8471f55

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/339537/

Comments