MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55a882d3e119f17163a14f13175f7903a6321da1ac565b7e120d0db59b2b394e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 55a882d3e119f17163a14f13175f7903a6321da1ac565b7e120d0db59b2b394e
SHA3-384 hash: dc9ab5c325d8618c6c4f52c59d9400cd90c1409280d7330cb4385631a7f4e15f674fbf6dbbc2aea74d1e078110dd57ba
SHA1 hash: 8829edce182336fdb7ad4d5791c4dd031e756494
MD5 hash: 422e2658c130115d29f3d34bfd8baef7
humanhash: steak-paris-winter-hydrogen
File name:DefendUpdate.exe
Download: download sample
File size:4'512'256 bytes
First seen:2023-04-02 09:42:54 UTC
Last seen:2023-04-02 10:32:33 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep 98304:JOrfO2hYm8SmMtSVA0GWZ2XRwKfP+XlufA8y5GAYl:JOrGMgbZYx3+VIZyMA
Threatray 168 similar samples on MalwareBazaar
TLSH T1DF26333C385F281DCDD72E321E23993EEB8EB29D0BA3D9299E7D716763096934138544
TrID 63.5% (.EXE) UPX compressed Win64 Executable (70117/5/12)
24.5% (.EXE) UPX compressed Win32 Executable (27066/9/6)
4.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.8% (.ICL) Windows Icons Library (generic) (2059/9)
1.8% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter tcains1
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
252
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
DefendUpdate.exe
Verdict:
Malicious activity
Analysis date:
2023-04-02 09:46:03 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/8f238e63-0afd-44a9-8041-5d08c5a54c25

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/379327/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.66202568.1814.1334.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Reading critical registry keys
Running batch commands
Launching a process
Sending a custom TCP request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug packed
Link:
https://www.filescan.io/uploads/64294e27c56b2da73aca6637/reports/bd141bef-1794-477b-8cc3-22fa7d9b3009/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_60%
Link:
https://www.hybrid-analysis.com/sample/55a882d3e119f17163a14f13175f7903a6321da1ac565b7e120d0db59b2b394e
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ddbed88e-cac3-4791-9e59-2f9b6afa5711
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1206553
Signature
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 839469 Sample: DefendUpdate.exe Startdate: 02/04/2023 Architecture: WINDOWS Score: 52 16 Multi AV Scanner detection for submitted file 2->16 7 DefendUpdate.exe 2->7         started        process3 signatures4 18 Tries to harvest and steal browser information (history, passwords, etc) 7->18 10 cmd.exe 1 7->10         started        process5 process6 12 conhost.exe 10->12         started        14 choice.exe 1 10->14         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/55a882d3e119f17163a14f13175f7903a6321da1ac565b7e120d0db59b2b394e/
Threat name:
Win64.Adware.RedCap
Create hunting rule
Status:
Malicious
First seen:
2023-04-01 13:37:00 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
15 of 21 (71.43%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kwuifu7bdhyxcy5bj4jrox3zaotdehnbvrlfw7qsbug3lgzlhfha._file
Verdict:
unknown
Similar samples:
3938e9e23562cf722e3bb98f6289351ff1ce0938f65177d3b581de5c763e90c4
3aac811cea31d85addf591a79e59441373476238716c04e5cc20d1d7239f18cc
67dd0268cb9b122574629662f97f6d56ffca8e7d478f38be141ac02131708730
6f44685480b6961646b61690437a4297fee311b3f3e5499ca82bd3517f40f87c
733501d537884cca4a051c6669c594411f55c910a4b71a0d31e5c622641b841d
b02a4cdd494c1e0963f824ecaf7d676f3c1572be89ddd7e89c79b5f16bdebd94
b9736626a522b3d6301ede70895f1ffbb592d88b2f9e7a9908797e0a0249b00c
bf8177e0d9fec8768807b4a379c97a4faeb7f4183e564513a734005addfe7ec0
c18415546f1a158b94e80c25aee66e2094f658a0c7e2301600951496d56bc7a1
ee51846bb0172312da1f5dcc204653cb62dff225ee015d8c1cc6776c91e6e424
+ 158 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware stealer upx
Link:
https://tria.ge/reports/230402-lpw85sha21/
Behaviour
Suspicious use of WriteProcessMemory
Reads user/profile data of web browsers
UPX packed file
Unpacked files
SH256 hash:
f50888bbcf75646630d5e078af87b424c8b10f51961ac448243e6fb955fae85b
MD5 hash:
a90eea304d74c6fd7db9617c96ea5c5f
SHA1 hash:
1d7f123ed751a2c814a107343f76bf568c0e0032
Link:
https://www.unpac.me/results/3d1d72ae-ad04-47b5-81cf-e3a4ec039932/
SH256 hash:
55a882d3e119f17163a14f13175f7903a6321da1ac565b7e120d0db59b2b394e
MD5 hash:
422e2658c130115d29f3d34bfd8baef7
SHA1 hash:
8829edce182336fdb7ad4d5791c4dd031e756494
Link:
https://www.unpac.me/results/3d1d72ae-ad04-47b5-81cf-e3a4ec039932/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/55a882d3e119f17163a14f13175f7903a6321da1ac565b7e120d0db59b2b394e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 55a882d3e119f17163a14f13175f7903a6321da1ac565b7e120d0db59b2b394e

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2563428/
Cape
Cape
https://www.capesandbox.com/analysis/379327/

Comments