MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6375c2e53e3dc7c6bfb8a0c0b83f8e3c7490d1067804479e991dfcd2c900ece8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6375c2e53e3dc7c6bfb8a0c0b83f8e3c7490d1067804479e991dfcd2c900ece8
SHA3-384 hash: 38ea45db907a663640b977364246d6890e73b49fdb7b2245327298729ac5a99c372fcf150da3f0522bb8211a8b7b62bc
SHA1 hash: 84cea1b9c1a98b155db752de8f89639d2e006c41
MD5 hash: 4f560d6fbb47e96d9bd595a4e2f86a77
humanhash: diet-gee-music-island
File name:ExTeam_v0.9_rebranding2_windows_64.exe
Download: download sample
File size:5'340'672 bytes
First seen:2022-10-10 07:27:24 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep 98304:9h4DJG41edWU9pg+MnGYPOjIAE48qEAOEamsWVyqL4jiGiNz2MER8cNQ18DMTdCD:r0iYU9lMnfPOUAE4JE8VRL4jgz2Iu1DC
Threatray 39 similar samples on MalwareBazaar
TLSH T1903633C6563C8CB1E64B44B0DF71F28EC896F8F0EACC4959E81E4D370554DE68A9F246
TrID 64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12)
25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6)
4.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.8% (.EXE) OS/2 Executable (generic) (2029/13)
1.8% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter JAMESWT_WT
Tags:bitbucket-org exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
210
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
raccoon
Create hunting rule
ID:
1
File name:
https://tinyurl.com/new-latest-setup-version
Verdict:
Malicious activity
Analysis date:
2022-10-03 08:34:09 UTC
Tags:
trojan raccoon recordbreaker loader stealer
Link:
https://app.any.run/tasks/f18eb342-46c5-4333-ba98-912395c64348

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/318226/
Detection(s):
SecuriteInfo.com.Win64.Malware-gen.30651.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching a process
Creating a process with a hidden window
Using the Windows Management Instrumentation requests
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug packed
Link:
https://www.filescan.io/uploads/6343c985979fe5ad3328ab1e/reports/2b789436-fe4e-4cfd-96ce-05642f27aa1b/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
UPX
Create hunting rule
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/61b65ad9-573f-4e60-a0df-c6522afbc17f
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/1086732
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6375c2e53e3dc7c6bfb8a0c0b83f8e3c7490d1067804479e991dfcd2c900ece8/
Threat name:
Win64.Trojan.WinGGo
Create hunting rule
Status:
Malicious
First seen:
2022-09-29 18:22:55 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
21 of 26 (80.77%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mn24fzj6hxd4np5yudalqp4ohr2jbuigpacephuzdx6nfsia5tua._file
Verdict:
malicious
Similar samples:
118cdcd151285cd394c469adb600eec673af5962b08c5bdd71ae165f1b6b0b96
58e1eecd96750405a47327b00330180e4fc8aae4b0e6f89616d8d3cc9021fc9b
5bf3189b7d260930bbcaff2c228e948195d774d2542a6fe0a865a7e5b8b07c63
74a0e4140ca9299aa29f32313740e66821324c97b2ec860fc7945ec0e6775a7c
774fa8863d2cb1747c338ef9023103d535715b30b6d5450a9ee146663d77c89b
7fa5971fde4364c32e47c5a8e6b189fc214ffd019077f30c14fbfb4e240909e1
8b03872c981e72aa24fd680e3d8f49768341f2c86fdabe51f4e5302c41b194a7
b5ff5a9c19554d5531b7287615ce45e622ffc8d12b6c8d3f15e6c023e94bd452
cc81b5085ea098d0d117dfe38aa46b5513f66d34c23454c964cdd3f0864967e7
d06077790fb260d6c3ed4af601b5322446d2a0621eb8edf14af8438dc2c02a63
+ 29 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/221010-janx4sbcaq/
Behaviour
UPX packed file
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/7f4b11ab-a476-48e9-a981-1195a7e09e3c
Unpacked files
SH256 hash:
5f8df8b65b59cdb0e750825cbf5e1bde885e6e555b3940e6526b200b1075ba36
MD5 hash:
c5cba3b29505b5f4b645fd36e512c8bf
SHA1 hash:
13d16c8255822f1bea550857e586576c2d4d25be
Link:
https://www.unpac.me/results/8fb8e9af-32c5-4746-8b08-665421d69041/
SH256 hash:
6375c2e53e3dc7c6bfb8a0c0b83f8e3c7490d1067804479e991dfcd2c900ece8
MD5 hash:
4f560d6fbb47e96d9bd595a4e2f86a77
SHA1 hash:
84cea1b9c1a98b155db752de8f89639d2e006c41
Link:
https://www.unpac.me/results/8fb8e9af-32c5-4746-8b08-665421d69041/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6375c2e53e3dc7c6bfb8a0c0b83f8e3c7490d1067804479e991dfcd2c900ece8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 6375c2e53e3dc7c6bfb8a0c0b83f8e3c7490d1067804479e991dfcd2c900ece8

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2323669/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/318226/

Comments