MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 622fb838298b78969dfbe0d1ff0c2fcea071b77e9a30332805a532683a039570. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 622fb838298b78969dfbe0d1ff0c2fcea071b77e9a30332805a532683a039570
SHA3-384 hash: da818815248b5f3c9d683a47cee943e5da1562d08fc703abb53f83d9536ae8fb35ce5ee47f909cc593c07a7d514e493b
SHA1 hash: 7ce88c9dc6cc32009592ea374a0f23894e0590e5
MD5 hash: 323bbb5bde8d8000098246af6215d415
humanhash: maine-finch-oven-chicken
File name:scrape.exe
Download: download sample
File size:10'229'484 bytes
First seen:2021-10-21 23:22:40 UTC
Last seen:2021-10-22 00:08:58 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2cdcfb3a828433ba76b5b41f45519bd9 (2 x ROKRAT, 1 x IcedID)
ssdeep 196608:5DpHx7wwYXu8mSxCyrICteEroXxeVfEqlbkkwR7VTE2EFxsmwNDQ9qQ2rB0xSZ:5oXu8mSxFInEroXkfEqirRRo2EURgqQA
Threatray 17 similar samples on MalwareBazaar
TLSH T1ABA633082F941CD9F1B2003060708932D179B8F7035089A76BBDD6675F97AE97EBBB94
File icon (PE):PE icon
dhash icon aebc385c4ce0e8f8 (10 x PythonStealer, 7 x RedLineStealer, 7 x DCRat)
Reporter JaffaCakes118
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
152
Origin country :
n/a
Vendor Threat Intelligence
Detection:
PyInstaller
Create hunting rule
Link:
https://www.capesandbox.com/analysis/199212/
Detection(s):
SecuriteInfo.com.PyInstaller.27634.32341.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Deleting a recently created file
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware overlay packed
Link:
https://www.filescan.io/uploads/6171f65da9d585e6d532fe96/reports/0b96c622-94ec-4c9c-aeeb-dfdc286304ad/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
GetYourFilesBack Ransomware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/30b7ce05-1a52-443b-abf8-dd2a51d949ad
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/874923
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 507351 Sample: scrape.exe Startdate: 22/10/2021 Architecture: WINDOWS Score: 48 24 Multi AV Scanner detection for submitted file 2->24 7 scrape.exe 53 2->7         started        process3 file4 16 C:\Users\user\AppData\...\scrape.exe.manifest, XML 7->16 dropped 18 C:\Users\...\_quoting_c.cp39-win_amd64.pyd, PE32+ 7->18 dropped 20 C:\Users\user\AppData\...\unicodedata.pyd, PE32+ 7->20 dropped 22 28 other files (none is malicious) 7->22 dropped 10 scrape.exe 1 7->10         started        12 conhost.exe 7->12         started        process5 process6 14 cmd.exe 1 10->14         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/622fb838298b78969dfbe0d1ff0c2fcea071b77e9a30332805a532683a039570/
Verdict:
unknown
Similar samples:
053e7603d2776f39c17d74cd5a095d2fa4727ce019cb91274c135be4b9732358
16a9bd04b1d92c0853acb7a0e7e9d3a047e9a55829245be9aa23b5088a072f4a
6239fb903c570cff86d4a21391c9a012dd27016243cc5ba67b3c93828a8badd4
8d11da2582a4e82ff7ca02288211613a1f7326b7426eb245138a1160e3dddfb4
8f8efcd4031721a458abbf5a0e164eb9d318fe8f5a16c5d1a174e13125128539
a11e597e813bde2241d999f3c2aa8fdecc7f1131507e4aa5fba6ba82dbd75459
da23dacc9e28905b0cc9f0724e182e8963525162b177d023c0c859e8fee09d43
e18efb7cff387e8b7ab7e7882841d21e5d6c3e9bddaa289a30315a54352bc39a
e8f57a83f154fb0c67f6064d3dc6914ad4278e5f79d054ec66c3b8383aeb5b5e
ed3588a0ea55834f7964684d9b97f05a70aea91fbc9eb4f1c5d0a1248acc7fbf
+ 7 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
pyinstaller
Link:
https://tria.ge/reports/211021-3c5hesahe7/
Behaviour
Suspicious use of WriteProcessMemory
Loads dropped DLL
Unpacked files
SH256 hash:
622fb838298b78969dfbe0d1ff0c2fcea071b77e9a30332805a532683a039570
MD5 hash:
323bbb5bde8d8000098246af6215d415
SHA1 hash:
7ce88c9dc6cc32009592ea374a0f23894e0590e5
Link:
https://www.unpac.me/results/d903d8d2-c084-4506-b1b2-ff01d021fb81/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/622fb838298b78969dfbe0d1ff0c2fcea071b77e9a30332805a532683a039570

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:PyInstaller
Create hunting rule
Author:@bartblaze
Description:Identifies executable converted using PyInstaller.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 622fb838298b78969dfbe0d1ff0c2fcea071b77e9a30332805a532683a039570

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/199212/

Comments