MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5bda6b19046cc9919f8b1248384573bfdd2895df2d100eafcdf2346bc46fffb9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5bda6b19046cc9919f8b1248384573bfdd2895df2d100eafcdf2346bc46fffb9
SHA3-384 hash: 75d258df9eefb60e2e747c6b06450f4153e1ddab0452b0b0a97c92c16e715d0a8140611a098b54e4d16da72717132146
SHA1 hash: b3cb45103d4625cc1b2a0fa82fea122fbcdd20e2
MD5 hash: a886474d6c1462e61daa96aa9bd4a762
humanhash: seventeen-zulu-cat-mississippi
File name:a886474d6c1462e61daa96aa9bd4a762.exe
Download: download sample
File size:2'537'472 bytes
First seen:2023-01-27 16:58:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep 49152:Vr/3LYMEB0599N2pe/WeMn9v3WIxsrgdwictHlpus+mj0BgnQsxmH+Xg/gH:tThvN2pe/WeM9ZEgdwBtHpyt/gH
Threatray 277 similar samples on MalwareBazaar
TLSH T17BC5333B9D83F055C41384FF7E8A2A6A74F91A258A07C36719F983A1F746305D69073B
TrID 63.5% (.EXE) UPX compressed Win64 Executable (70117/5/12)
24.5% (.EXE) UPX compressed Win32 Executable (27066/9/6)
4.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.8% (.ICL) Windows Icons Library (generic) (2059/9)
1.8% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
179
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
a886474d6c1462e61daa96aa9bd4a762.exe
Verdict:
Malicious activity
Analysis date:
2023-01-27 17:11:34 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/afeab172-d353-4dcb-91e3-cad3f98e1ac6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/357564/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Verdict:
No Threat
Threat level:
  2/10
Confidence:
67%
Tags:
anti-debug packed
Link:
https://www.filescan.io/uploads/63d402d82d4f6d560e234b9d/reports/eb4d24d0-ca4e-41be-b8a4-1e87a63a5772/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/47863e79-ac3f-4827-a4da-9f0176c96fa9
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1160438
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 793173 Sample: XN8juHvp3V.exe Startdate: 27/01/2023 Architecture: WINDOWS Score: 60 21 Antivirus / Scanner detection for submitted sample 2->21 23 Multi AV Scanner detection for submitted file 2->23 7 XN8juHvp3V.exe 2->7         started        process3 dnsIp4 17 youtube-ui.l.google.com 172.217.168.46, 443, 49701 GOOGLEUS United States 7->17 19 www.youtube.com 7->19 25 Tries to harvest and steal browser information (history, passwords, etc) 7->25 11 cmd.exe 1 7->11         started        signatures5 process6 process7 13 conhost.exe 11->13         started        15 choice.exe 1 11->15         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5bda6b19046cc9919f8b1248384573bfdd2895df2d100eafcdf2346bc46fffb9/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-01-26 08:13:51 UTC
File Type:
PE+ (Exe)
AV detection:
18 of 39 (46.15%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lpngwgientezdh4lcjedqrltx7osrfo7fuia5l6n6i2gxrdp764q._file
Verdict:
malicious
Similar samples:
08f22af3870c81cf0f903d784abecd650003adfff360ff0529540091f277d057
12567de24a8dbc6c0103aa263217ad240098d7545e32546f35fd5b791b1869fa
2e205ecc398903361efb69b5790716a47b76301e7b8ad3be506fbde96ee6ffe7
4b56f06c41fb17b2e445bee3e4016d3297f758cbb20b3fc280763593813242df
6fac6114554675dba7ba82a4da7076333bdf4dab4786d6632e71ad64fb3bdb35
7f305167fdb6ae8a3781cd257ddef222ee6803f44115d2e1a133f7da67d4eaa0
88dbf134cd4628fc8b97cc1adf5201cae875df1fa5280b3cbc0306478161e9f4
90e7c78ca1612b6f6e0f2c25e00e4c73e9df86936a243a03a488a3b155334eea
f90220b98550878f3056c732d437bae3026e4d7c7aa9bb733dbaa9c748cb80e7
+ 267 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware stealer upx
Link:
https://tria.ge/reports/230127-vgv6jsdf5t/
Behaviour
Suspicious use of WriteProcessMemory
Deletes itself
Reads user/profile data of web browsers
UPX packed file
Unpacked files
SH256 hash:
a766ad7270a0dd6867975d2808efd0244b24a93af981c92c8f9c04db7115ebc2
MD5 hash:
5792ff28164ab8982fc15550e30328d0
SHA1 hash:
23a6e325f7e230ffe675926ff1dea736d3f314d9
Link:
https://www.unpac.me/results/8f92d8dd-584e-4ac6-b4d1-2332dd09163b/
SH256 hash:
5bda6b19046cc9919f8b1248384573bfdd2895df2d100eafcdf2346bc46fffb9
MD5 hash:
a886474d6c1462e61daa96aa9bd4a762
SHA1 hash:
b3cb45103d4625cc1b2a0fa82fea122fbcdd20e2
Link:
https://www.unpac.me/results/8f92d8dd-584e-4ac6-b4d1-2332dd09163b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/5bda6b19046cc9919f8b1248384573bfdd2895df2d100eafcdf2346bc46fffb9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 5bda6b19046cc9919f8b1248384573bfdd2895df2d100eafcdf2346bc46fffb9

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2516964/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/357564/

Comments