MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 622c21879b0776c3d01bb72cdd16bc83238d8464170871491d54367c4a295447. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 622c21879b0776c3d01bb72cdd16bc83238d8464170871491d54367c4a295447
SHA3-384 hash: 83401a9753b6db30b84a2a4a5ea8d6f46d97d631535807a4a1aaed584dad8c4a9f6e52b8259d40aa1b46db854c1cc2b1
SHA1 hash: bf39e0fa559e5b9d1a5b5aeefd6075bacf49799c
MD5 hash: ee7b54950381499d349cc3d50d2bdc0d
humanhash: september-one-jersey-kitten
File name:ee7b54950381499d349cc3d50d2bdc0d.exe
Download: download sample
File size:3'824'128 bytes
First seen:2021-10-19 15:28:47 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 98304:rXp2FPbprFuJRa9+Y3R+deMJhLusWGNgVJigIr0G+RUCO:rXp2F1MtY3IhSsWL5IQG+U
Threatray 1'584 similar samples on MalwareBazaar
TLSH T1350623897118B9FDC367C8368E980CB977C068BA5B0F4A1F94177AACD92C44BCE745B1
File icon (PE):PE icon
dhash icon 4810707161701068 (3 x RedLineStealer)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
314
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/198629/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.37822428.9614.6087.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Using the Windows Management Instrumentation requests
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
obfuscated packed
Link:
https://www.filescan.io/uploads/616ee4409a5a1e91c5c6ca6f/reports/8053fd8f-2924-47c4-b1c4-48e772518729/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a03a1894-58a6-48cf-b2e4-b13bfebb260c
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/873307
Signature
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/622c21879b0776c3d01bb72cdd16bc83238d8464170871491d54367c4a295447/
Threat name:
ByteCode-MSIL.Trojan.Gorgon
Create hunting rule
Status:
Malicious
First seen:
2021-10-18 16:08:00 UTC
AV detection:
8 of 26 (30.77%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0afa59785e40dc850fdc42bf1ee2a070ab99210b94966b650e410cea4d2729f4
51e6527daa5a10028c434c7ceaed1570ddd95e1de0eafa702f77860cec3d0b7c
57188024599ea670a53104209162f61fc1338f937644d61451f06cd68f47a487
585cf15c667a0e3b4d3d328a962aa012c09298fdc084e2d69a650c0d1d5a258b
5bd345b55778374712cb2de2734f3a2be404f2d78f70d9854293cd4b41bfcd69
62609aac613627ef79c08360049cdc59584d71d8e662f890dedbe4318da8beb5
860ac4a282dcf987884eb102266644b6442e3cd4bdbfbfbca897f673c89fa82a
bc06c918fab5afbb61d15611dedadbc9012cf9e4979e9d3f261a9046c306bb87
be2db75e1284c24016ccba39196d71e883b2e13ad6091ac2b56ed62dc199ef11
dc04225d29393bc9ba12e513b25172c130e6bebeba91783024188be85ae08de8
+ 1'574 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/211019-sww1aahadm/
Behaviour
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
622c21879b0776c3d01bb72cdd16bc83238d8464170871491d54367c4a295447
MD5 hash:
ee7b54950381499d349cc3d50d2bdc0d
SHA1 hash:
bf39e0fa559e5b9d1a5b5aeefd6075bacf49799c
Link:
https://www.unpac.me/results/0f840d3b-001d-4dc3-ad96-626970030315/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.65
Link:
https://yomi.yoroi.company/submissions/622c21879b0776c3d01bb72cdd16bc83238d8464170871491d54367c4a295447

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 622c21879b0776c3d01bb72cdd16bc83238d8464170871491d54367c4a295447

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1696442/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/198629/

Comments