MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 58511975e989a92826ee57cd50db6b59f508b3166d13957ac42c6754433dbfd7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 58511975e989a92826ee57cd50db6b59f508b3166d13957ac42c6754433dbfd7
SHA3-384 hash: 6281186e0c03fe5a749403138588a9a5c29f91ca8a32d63fe79b0513fed64d2644a6a317ec2c995d36d5609adfa56d65
SHA1 hash: 44b047120bd43af613754640505d0dfc6af4624a
MD5 hash: 76968b1ed9e18dc3d630bcdb2d3e298c
humanhash: mars-venus-sixteen-sodium
File name:setup.exe
Download: download sample
File size:8'581'178 bytes
First seen:2021-11-16 15:45:18 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 483f0c4259a9148c34961abbda6146c1 (17 x ValleyRAT, 8 x AsyncRAT, 7 x QuasarRAT)
ssdeep 196608:hfn6/VSl6K8qczrBWVricC5wBQd3+KYLBwXFOKyghYAtWMA:hPAklQ/B4rit5wBQdOP+8Kn7tXA
Threatray 23 similar samples on MalwareBazaar
TLSH T1C1863382BBC31439F4A0583A5D22D4241E23BDA51CE4B9251EF8DF8F0AB935766F6770
dhash icon b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer)
Reporter Anonymous
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
212
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/206543/
Detection(s):
PUA.Win.Malware.Speedingupmypc-6718419-0
Create hunting rule

SecuriteInfo.com.Adware.Siggen.31863.24335.23560.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Searching for synchronization primitives
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/6193d23c4912a8c920a05c66/reports/8bfa617a-b504-423c-9fcb-b9d1696f1132/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/ee074c37-51e7-4031-9d4d-d9378b440383
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
adwa.evad
Score:
28 / 100
Link:
https://www.joesandbox.com/analysis/890530
Signature
Modifies the hosts file
Obfuscated command line found
PE file has a writeable .text section
PE file has nameless sections
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 523002 Sample: setup.exe Startdate: 16/11/2021 Architecture: WINDOWS Score: 28 61 yt3.ggpht.com 2->61 63 youtube-ui.l.google.com 2->63 65 32 other IPs or domains 2->65 71 PE file has nameless sections 2->71 73 PE file has a writeable .text section 2->73 9 setup.exe 2 2->9         started        signatures3 process4 file5 45 C:\Users\user\AppData\Local\...\setup.tmp, PE32 9->45 dropped 75 Obfuscated command line found 9->75 13 setup.tmp 25 67 9->13         started        signatures6 process7 dnsIp8 69 192.168.2.1 unknown unknown 13->69 53 C:\Users\user\AppData\Local\...\hosts.exe, PE32 13->53 dropped 55 C:\Users\user\AppData\Local\Temp\...\x3.exe, PE32 13->55 dropped 57 C:\Users\user\AppData\Local\...\wintb.dll, PE32 13->57 dropped 59 40 other files (none is malicious) 13->59 dropped 17 cmd.exe 1 13->17         started        19 unins000.exe 1 1 13->19         started        22 chrome.exe 10 35 13->22         started        25 FlushFileCache.exe 1 13->25         started        file9 process10 dnsIp11 27 hosts.exe 7 17->27         started        31 hosts.exe 4 17->31         started        33 hosts.exe 4 17->33         started        41 6 other processes 17->41 43 C:\Users\user\AppData\Local\...\_iu14D2N.tmp, PE32 19->43 dropped 35 _iu14D2N.tmp 1 8 19->35         started        67 239.255.255.250 unknown Reserved 22->67 37 chrome.exe 10 22->37         started        39 conhost.exe 25->39         started        file12 process13 file14 47 C:\Windows\System32\drivers\etc\hosts, ASCII 27->47 dropped 77 Modifies the hosts file 27->77 49 C:\Users\user\AppData\Local\...\_shfoldr.dll, PE32 35->49 dropped 51 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 35->51 dropped signatures15
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/58511975e989a92826ee57cd50db6b59f508b3166d13957ac42c6754433dbfd7/
Verdict:
suspicious
Similar samples:
9405f9084c8ec3eff442b83c20928fceb3e6372d504381b0527a7512a9889231
d7480662bc7ee6dc38227ea381978553b1774774e4a0a70ea3bf6aebbca48622
df7049b8c4d704376be3920232b1ba6b2c8cf2ff0f9cf3bf22f6d89c1c9515dc
e6447686ab68ede1a7b92ddc98b7e90ccf64d48876ace4b91cc45ea2437cc67c
e6d90883fd0e3c7576c140d6f12e04e1e54c3789ec4b2bdea925c9bdb6aa1f43
e6dff8475541ebddc1f0db47a311eb2c25581b7d5e62af8066d59c283114c2d3
f30dab44e1b3c177c002b35c5e9a933b79345c378dbf434b96de62051bbb1eb0
+ 13 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/211116-s7pekseeb3/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
09af8004b85478e1eca09fa4cb5e3081dddcb2f68a353f3ef6849d92be47b449
MD5 hash:
ae9890548f2fcab56a4e9ae446f55b3f
SHA1 hash:
e17c970eebbe6d7d693c8ac5a7733218800a5a96
Link:
https://www.unpac.me/results/efb3f77f-2034-4810-ad34-919396e3d49d/
SH256 hash:
44b8e6a310564338968158a1ed88c8535dece20acb06c5e22d87953c261dfed0
MD5 hash:
9c8886759e736d3f27674e0fff63d40a
SHA1 hash:
ceff6a7b106c3262d9e8496d2ab319821b100541
Link:
https://www.unpac.me/results/efb3f77f-2034-4810-ad34-919396e3d49d/
SH256 hash:
58511975e989a92826ee57cd50db6b59f508b3166d13957ac42c6754433dbfd7
MD5 hash:
76968b1ed9e18dc3d630bcdb2d3e298c
SHA1 hash:
44b047120bd43af613754640505d0dfc6af4624a
Link:
https://www.unpac.me/results/efb3f77f-2034-4810-ad34-919396e3d49d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/58511975e989a92826ee57cd50db6b59f508b3166d13957ac42c6754433dbfd7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/206543/

Comments