MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6087004fc16d11ff78f73284741e3ee39d74ce6a64f7546046a155c6404c7865. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: 6087004fc16d11ff78f73284741e3ee39d74ce6a64f7546046a155c6404c7865
SHA3-384 hash: 30cf93f9c4d71f80d5cf5fe807089fe611e95ab09232aecce6c828f6e53512dcf7f7ea177c8e1a8dc6beb3a4a84362d4
SHA1 hash: 07aa4f66688ff2e5466d61e947eb0bd2a607910b
MD5 hash: 61659f366a57a43102f9b69ac00e3aa1
humanhash: vegan-missouri-vegan-ink
File name: setup.exe
File size: 18'402'013 bytes
First seen: 2022-10-26 00:17:35 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 5a594319a0d69dbc452e748bcf05892e (21 x ParallaxRAT, 20 x Gh0stRAT, 15 x NetSupport)
ssdeep 393216:Olsw8RwUfNSyBpg0kN+/UGHDHdSP8KBwIcA:Et86UVSweBqUGHDcPV99
Threatray 454 similar samples on MalwareBazaar
TLSH T12C07333FF268653EC56E1B3245B38250993B7A61A81E8D1A43FC350DCF766600F3BA56
TrID 49.7% (.EXE) Inno Setup installer (109740/4/30)
19.5% (.EXE) InstallShield setup (43053/19/16)
18.8% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
4.7% (.EXE) Win64 Executable (generic) (10523/12/4)
2.0% (.EXE) Win32 Executable (generic) (4505/5/1)
dhash icon 5050d270cccc82ae (109 x Adware.Generic, 43 x LummaStealer, 42 x OffLoader)
Reporter Anonymous
Tags: exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 343
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: setup.exe
Verdict: Suspicious activity
Analysis date: 2022-10-26 00:20:06 UTC
Tags: installer

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Creating synchronization primitives
Searching for synchronization primitives
Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour
MalwareBazaar
CheckNumberOfProcessor
CheckCmdLine
Result
Verdict: MALICIOUS
Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 23 / 100
Signature
Obfuscated command line found
Behaviour
Behavior Graph (ID: 730612; Sample: setup.exe; Start date: 26/10/2022; Architecture: WINDOWS; Score: 23):
setup.exe started; signature: Obfuscated command line found
setup.exe dropped C:\Users\user\AppData\Local\...\setup.tmp (PE32)
setup.exe started setup.tmp
setup.tmp dropped C:\Users\user\AppData\Local\...\_setup64.tmp (PE32+)
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Loads dropped DLL
Executes dropped EXE
Unpacked files
SHA256 hash:
4e1a51f79e656bde98b3b8502c8000509c52ec7eac3a1d2f13e10d3a89b227ad
MD5 hash:
51a7fbe68243ac1875f31d08e8cca74d
SHA1 hash:
d5595fab17d6a09b638e166f3b4945a2f0c9e540
SHA256 hash:
6087004fc16d11ff78f73284741e3ee39d74ce6a64f7546046a155c6404c7865
MD5 hash:
61659f366a57a43102f9b69ac00e3aa1
SHA1 hash:
07aa4f66688ff2e5466d61e947eb0bd2a607910b
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments