MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 56529c2c9e4c0cef3eabea92c5c5e730d88728fac42ec5f3b980c312b4240057. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	56529c2c9e4c0cef3eabea92c5c5e730d88728fac42ec5f3b980c312b4240057
SHA3-384 hash:	ccea964fb4c7beae117bb22e204301eee998e443ce0ca1af7666b5d1cfe38302335264c9de2d91bc1dbf0d14ecf173e6
SHA1 hash:	2beae674a758cee2785808c8c10e7eb318aae1a8
MD5 hash:	876b634b482b86f67fbcf61bb475bbe8
humanhash:	maryland-edward-fruit-dakota
File name:	file
Download:	download sample
File size:	2'535'424 bytes
First seen:	2022-11-18 12:50:50 UTC
Last seen:	2022-11-19 07:52:22 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep	49152:rgGDfcCSdn9A0fH9P9fsp0Q+nOCDDG0yEGxp4LLGsofak:EGDk3fdP9fspgdDIxCD/
Threatray	200 similar samples on MalwareBazaar
TLSH	T1C4C5335136EFCDABD17A05F89712A1341BA3E0BCDAF955372C0E4142A0EA393D6F5C29
TrID	64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12) 25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6) 4.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.8% (.EXE) OS/2 Executable (generic) (2029/13) 1.8% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter	andretavare5
Tags:	exe

andretavare5

Sample downloaded from https://vk.com/doc760750097_656330602?hash=F7SHNz3pnmLSr5WJasHCeZkBsWck3FF99Os5Jfw8GDP&dl=G43DANZVGAYDSNY:1668775113:xyw8mMNw1m5O6JAONrEKVdk3GDXMtOJPKrRM7usabBD&api=1&no_preview=1#2_1401

Intelligence

File Origin

# of uploads :

# of downloads :

203

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

file

Verdict:

No threats detected

Analysis date:

2022-11-18 12:53:52 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/892ad52d-32b4-4a5d-9cdc-33f6bfd79586

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/335757/

Detection(s):

SecuriteInfo.com.Win64.Evo-gen.14460.9520.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-debug packed

Link:

https://www.filescan.io/uploads/63777fb765b4ed3de8c88f54/reports/6bf6821b-d6c5-493d-aeb3-3f90bc2c7136/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/59aaaca6-0d10-48aa-831c-dd18e31fc285

Result

Threat name:

Unknown

Detection:

malicious

Classification:

spyw

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/1116496

Signature

Antivirus / Scanner detection for submitted sample

Tries to harvest and steal browser information (history, passwords, etc)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/56529c2c9e4c0cef3eabea92c5c5e730d88728fac42ec5f3b980c312b4240057/

Threat name:

Win64.Infostealer.BroPass

Status:

Malicious

First seen:

2022-11-18 12:51:12 UTC

File Type:

PE+ (Exe)

AV detection:

12 of 25 (48.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=kzjjyle6jqgo6pvl5kjmlrphgdmiokh2yqxml45zqdbrfnbeablq._file

Verdict:

unknown

226ed812358dd933659606de6a4c7effa16b4eb2c2003b9125a76097f36a7637

2e557bd01d811580bda017fd1d1070d56d722e7d261474f2b404410f55ec1abc

3c4f456e84a4b82254480d17bd6db4c0a9ae6259e085b362b10183a82956d1ba

61944d63af0a88ab927fa3bfb88eadd93435c4a851c2010756819cfaa90acde1

77ed638394053fe4fef1486f85bac2423f392a1f5e523f9ddf3f5dec289868d8

84a04190d479e2cf0fd459258a4fd4fc4a5059f96c355172e2c230f0bd1e863b

a162a4a82e21300ea8634e03e4d7f4b186cff8b9c41e2e9c46ca0c72e97aeacb

bfc5d64bcd1a7b794c7168c4ebddd06b817865e9d785b826adbd894d78a1fc5a

f90220b98550878f3056c732d437bae3026e4d7c7aa9bb733dbaa9c748cb80e7

+ 190 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

spyware stealer upx

Link:

https://tria.ge/reports/221118-p3gbmadc41/

Behaviour

Suspicious use of WriteProcessMemory

Reads user/profile data of web browsers

UPX packed file

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/486ab2a0-20f7-48d1-aa75-cf32b7080e59

Unpacked files

SH256 hash:

f62dae8a0d05b09b21e988c9164b2258ff94d5d6e2fea2d2ec3433579f230608

MD5 hash:

a79d4b8953be9a8f5ed823da754306f1

SHA1 hash:

bb32e4291b8066abab80638fadceb8c8ed4b2bad

Link:

https://www.unpac.me/results/91cb24d6-822a-4c77-8e18-7338a9fe169d/

SH256 hash:

56529c2c9e4c0cef3eabea92c5c5e730d88728fac42ec5f3b980c312b4240057

MD5 hash:

876b634b482b86f67fbcf61bb475bbe8

SHA1 hash:

2beae674a758cee2785808c8c10e7eb318aae1a8

Link:

https://www.unpac.me/results/91cb24d6-822a-4c77-8e18-7338a9fe169d/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by

PrivateLoader

Delivery method

Distributed via drive-by

Cape

https://www.capesandbox.com/analysis/335757/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample