MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5a33802a7b6fbca5945e5f7c1a5d502b29642991cabb69cfdc91657c85da3f19. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5a33802a7b6fbca5945e5f7c1a5d502b29642991cabb69cfdc91657c85da3f19
SHA3-384 hash: a75a7ee4696ded9c48d24ad5d4c9d8adb6bbc12541633ecd900c0fd1adeae705ec4dd17f924d62c39d21075f58052e68
SHA1 hash: dd3b971313b64ed895445d2ebe06b9c83a83d14b
MD5 hash: 33e2f334266f9d3ca18b83e7189c542a
humanhash: solar-stream-carpet-crazy
File name:33e2f334266f9d3ca18b83e7189c542a.exe
Download: download sample
File size:4'475'704 bytes
First seen:2023-04-09 07:34:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'452 x Socks5Systemz, 262 x RaccoonStealer)
ssdeep 98304:7TrxekO0nt0lRcW1o+KJfQ30Rjj9jh5KoyLYNFCoWW:7xzOs21oN5Q30RjjZh5K7uF1WW
Threatray 3'241 similar samples on MalwareBazaar
TLSH T1C62633580BEA7C2AD5A61DB97C577191E2631DF62C7568A830DC8C8D9A276F23303373
TrID 48.2% (.EXE) Win32 Executable PowerBASIC/Win 9.x (148303/79/28)
35.6% (.EXE) Inno Setup installer (109740/4/30)
4.6% (.EXE) Win32 Executable Delphi generic (14182/79/4)
4.2% (.SCR) Windows screen saver (13097/50/3)
2.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
File icon (PE):PE icon
dhash icon b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
264
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
33e2f334266f9d3ca18b83e7189c542a.exe
Verdict:
No threats detected
Analysis date:
2023-04-09 07:37:09 UTC
Tags:
installer
Link:
https://app.any.run/tasks/5f69539c-4ee9-4ab6-b905-efdb5838ac5c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/381078/
Detection(s):
SecuriteInfo.com.TR.Spy.KGBSpy.1.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/77143/overview
Behaviour
MalwareBazaar
CheckCmdLine
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
83%
Tags:
greyware installer overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/64326aa767206e6b681d6e3e/reports/552bbab6-1e9b-4a9c-912f-166e5bc2131b/overview
Verdict:
Malicious
Labled as:
Downloader/BeamWinHTTP
Link:
https://www.hybrid-analysis.com/sample/5a33802a7b6fbca5945e5f7c1a5d502b29642991cabb69cfdc91657c85da3f19
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/88beb1e1-bb48-4ee4-a24c-dea6c6f05c78
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1210853
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5a33802a7b6fbca5945e5f7c1a5d502b29642991cabb69cfdc91657c85da3f19/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-04-08 19:52:22 UTC
File Type:
PE (Exe)
Extracted files:
5
AV detection:
12 of 24 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lizyakt3n66klfc6l56buxkqfmuwikmrzk5wtt64sfsxzbo2h4mq._file
Verdict:
unknown
Similar samples:
03d47f81136a36c7e732509f227ee021c480fd02511df3930c4327892c049fae
04fd3794814871b31fef000b51e51b6c20ad7646b3c74a585a668f95cf14fa06
093b0f8dda3411c2fbe3d8b04560de7021e8e1c0b43ff08c7296c000a05286da
5230f63d9733c5ece45053225a417e89fa6c9b7e81a0eafd467a5f7adc5fbb50
5637aef3fb43a418cd5bb036103fb3f7427e5062c5d23e14ab3b65c7d87793ec
56fd71a460645775b400f0d4eeb7f77f89ea33be8414f89d38fceeb3634627a9
72238987f1f659c6e41a74a077ea43fd07d6709be29e1f20546ba6f9ebeccc1a
77d1c06b1f52455505ad8e1af3d2182c13682dda7bda13185879c4c4a4018d04
8f8b341230323b995c1cde1d534031092bfddb56411dac43d155e5366681e1c7
e4cfaf2310c8aa89c4ccbc38a70aaa1cd3a61f41313f220800068c91c7dbacfb
+ 3'231 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/230409-jensxahh68/
Unpacked files
SH256 hash:
5a33802a7b6fbca5945e5f7c1a5d502b29642991cabb69cfdc91657c85da3f19
MD5 hash:
33e2f334266f9d3ca18b83e7189c542a
SHA1 hash:
dd3b971313b64ed895445d2ebe06b9c83a83d14b
Link:
https://www.unpac.me/results/f5f05d4d-6430-43ca-893c-185fbc3f9865/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/5a33802a7b6fbca5945e5f7c1a5d502b29642991cabb69cfdc91657c85da3f19

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:shellcode
Create hunting rule
Author:nex
Description:Matched shellcode byte patterns

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 5a33802a7b6fbca5945e5f7c1a5d502b29642991cabb69cfdc91657c85da3f19

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/381078/
  
URLhaus
https://urlhaus.abuse.ch/url/2509470/
  
Delivery method
Distributed via web download

Comments