MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62a2b2e5a94b0984d1340508a83997c647cc4d8b371dca5f171bd565d83592ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 62a2b2e5a94b0984d1340508a83997c647cc4d8b371dca5f171bd565d83592ae
SHA3-384 hash: e5cb3f088a1ea944b53c7a1c9392e9d87180ea87b0bfe632c8d0ed94b9f0411681b585a8a3635a1c380a0c6061b2ca2e
SHA1 hash: b7638b9ed8a33d62861b12c405a7b83cd4a5b8bb
MD5 hash: 5643274f6df8822f68d61d84d09a314d
humanhash: wisconsin-cola-west-july
File name:file
Download: download sample
File size:2'671'876 bytes
First seen:2023-10-27 21:34:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f4639a0b3116c2cfc71144b88a929cfd (96 x GuLoader, 53 x Formbook, 37 x VIPKeylogger)
ssdeep 49152:Ck2s5FXQ4EmojLjCRELVf7Avil+dHIsLp1thIikN+6u2hs8:C8zX71oDCRAZUviAHImDqia7hs8
Threatray 178 similar samples on MalwareBazaar
TLSH T106C52300B241DC42DDB506F41C6AE2BA50743FBB641EB96337817AFE2AF2E31954F256
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 80a4a6a4a6a6a480 (1 x RustyStealer)
Reporter andretavare5
Tags:exe


Avatar
andretavare5
Sample downloaded from http://dl1-broomcleaner.online/InstallSetup7.exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
395
Origin country :
US US
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/456788/
Detection(s):
SecuriteInfo.com.Malware@#1o2coqjl0l2yj.2594.21486.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% directory
Creating a process from a recently created file
Сreating synchronization primitives
Creating a window
Searching for synchronization primitives
Gathering data
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control installer lolbin overlay packed shell32
Link:
https://www.filescan.io/uploads/653c2d07bc703e36b090f5a4/reports/f3785541-1087-4f55-9db3-d9f0002cf198/overview
Verdict:
Malicious
Labled as:
Malware
Link:
https://www.hybrid-analysis.com/sample/62a2b2e5a94b0984d1340508a83997c647cc4d8b371dca5f171bd565d83592ae
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/dfdf9d0f-1c08-4ed8-8c3b-b342d5451a43
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1333540
Signature
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1333540 Sample: file.exe Startdate: 27/10/2023 Architecture: WINDOWS Score: 56 14 Multi AV Scanner detection for submitted file 2->14 6 file.exe 9 2->6         started        process3 file4 12 C:\Users\user\AppData\Local\Temp\Broom.exe, PE32 6->12 dropped 9 Broom.exe 2 6 6->9         started        process5 signatures6 16 Multi AV Scanner detection for dropped file 9->16
Score:
96%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/62a2b2e5a94b0984d1340508a83997c647cc4d8b371dca5f171bd565d83592ae
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/62a2b2e5a94b0984d1340508a83997c647cc4d8b371dca5f171bd565d83592ae/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Malicious
First seen:
2023-10-27 20:30:37 UTC
File Type:
PE (Exe)
Extracted files:
113
AV detection:
12 of 23 (52.17%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mkrlfznjjmeyjujuauekqomxyzd4ytmlg4o4uxyxdpkwlwbvskxa._file
Verdict:
unknown
Similar samples:
0c67ccd6b722d25bbe932693afe8d0895555d12442699122c8810d2d6610e2a8
1bb732330744dda9232ab0e291c9b5d5f8e76e9c649ed9e1e9f4327a0c7387dc
725600f8e47bd1294331aa19c3bef6d31f37204afa2a5ba45036bc8307132d5b
88481fc9b8b2beb564ae58c9ad551d3810a15fbb58a7dc98944167e2f8f2dfd2
925fa028b1511d9fb57e7f69efebff4c34228222af3adc11cfc45d930e9f6983
b125d23b3416c85b1f35d0d2f6d0f9aee2f1d905af6c79f39a9d6486033a6a45
b47036189825426c6e368fd21594aaba8dbdcf573464d2939f99da44c9874b97
c1aa65f7c2cc6beb7052c8ada46a3139fc01da66890f4153a7c5761292b71d61
f2121eddb8a7aef412069b5de7d10058c59f961c6a031ae6e5e3fd104663f076
+ 168 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/231027-1fby6sbf88/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Executes dropped EXE
Loads dropped DLL
Unpacked files
SH256 hash:
0cf1dea59ec7bb949c5e24da708005b92ea41478721134c95d62620fe2f748b8
MD5 hash:
0e24381a131022cef8db0c07fa601d96
SHA1 hash:
6b5de0755e080505d8444f736728fd0594e91ea5
Link:
https://www.unpac.me/results/9c897ef7-b56b-4665-84c3-cf7d626b74fd/
SH256 hash:
62a2b2e5a94b0984d1340508a83997c647cc4d8b371dca5f171bd565d83592ae
MD5 hash:
5643274f6df8822f68d61d84d09a314d
SHA1 hash:
b7638b9ed8a33d62861b12c405a7b83cd4a5b8bb
Link:
https://www.unpac.me/results/9c897ef7-b56b-4665-84c3-cf7d626b74fd/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
Cape
Cape
https://www.capesandbox.com/analysis/456788/
  
URLhaus
https://urlhaus.abuse.ch/url/2726331/

Comments