MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 63b14b74c629ae9cdddacfd42fed6593a59b4d16841036e7af06a92a5853c69f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 10

SHA256 hash: 63b14b74c629ae9cdddacfd42fed6593a59b4d16841036e7af06a92a5853c69f
SHA3-384 hash: 6d29bdd40e87a5a5dbbf78b3cc12c3f75b2e79c0828357b58dab3a3b6e0abacee08ec5c352c0513b87ef9ca0027c0115
SHA1 hash: 52249b861c852706941d2fcb08884e1a496f2897
MD5 hash: d2bad349906b711cf59df7178146abff
humanhash: december-cola-cardinal-leopard
File name: file
File size: 2'665'176 bytes
First seen: 2022-12-11 15:40:04 UTC
Last seen: 2022-12-12 12:09:39 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 9b07102925b4f59f35c71f053bd1ede5
ssdeep: 49152:vfuWC+4w1Qh8jbj66yrgeBeh0BVWmqzfGCXGhGmGl8ZyahqPR3hhjEX/x0q0HVrS:vftC+RG6bjh2neh0BdqlH58ZyahqPPhw
Threatray: 36 similar samples on MalwareBazaar
TLSH: T1D7C58C54EA4390BED82704F0067BF6FF9520563548E08D5BEA8CCEB4AE72DA2531971F
TrID:
  37.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  20.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  12.7% (.EXE) Win64 Executable (generic) (10523/12/4)
  7.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  6.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
Reporter: andretavare5
Tags: exe


Reporter comment (andretavare5):
Sample downloaded from https://vk.com/doc768860070_650629371?hash=fXyHHcHfp3JI8nJQFKR3OmKzP684Bnn9Ghby1PZCIeH&dl=G43DQOBWGAYDOMA:1670770415:B6yzS3p9owLWcbjWDNNZLHU2hMTvUgTNM1VGywpX0tz&api=1&no_preview=1#1055_1410

Intelligence

File Origin
# of uploads: 4
# of downloads: 192
Origin country: n/a

Vendor Threat Intelligence

Malware family: raccoon
ID: 1
File name: SoftwareSetupFile.exe
Verdict: Malicious activity
Analysis date: 2022-12-12 12:02:30 UTC
Tags: trojan raccoon recordbreaker loader

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean
Maliciousness:

Behaviour
  Creating synchronization primitives
  Changing a file
  Sending an HTTP POST request
  Creating a file in the %temp% directory
  Searching for synchronization primitives
  Launching the default Windows debugger (dwwin.exe)
  Sending a custom TCP request
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: anti-debug hacktool overlay packed
Result
Verdict: UNKNOWN
Details
  Windows PE Executable
  Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: troj.spyw
Score: 68 / 100
Signature
  Antivirus detection for URL or domain
  Machine Learning detection for sample
  Multi AV Scanner detection for domain / URL
  Tries to harvest and steal browser information (history, passwords, etc)
  Uses known network protocols on non-standard ports
Behaviour
  Behavior Graph:

Threat name: Win32.Adware.RedCap
Status: Malicious
First seen: 2022-12-11 15:41:10 UTC
File Type: PE (Exe)
Extracted files: 1
AV detection: 20 of 26 (76.92%)
Threat level: 1/5

Result
Malware family: n/a
Score: 7/10
Tags: spyware stealer
Behaviour
  Suspicious use of WriteProcessMemory
  Program crash
  Reads user/profile data of web browsers
Verdict: Suspicious
Tags: n/a
YARA: n/a

Unpacked files
SHA256 hash: 63b14b74c629ae9cdddacfd42fed6593a59b4d16841036e7af06a92a5853c69f
MD5 hash: d2bad349906b711cf59df7178146abff
SHA1 hash: 52249b861c852706941d2fcb08884e1a496f2897

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by: PrivateLoader
Delivery method: Distributed via drive-by

Comments