MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 63d3c658ed73776e08821a7917a13b342ef14c61aa5bb323e71551b3125e8b45. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	63d3c658ed73776e08821a7917a13b342ef14c61aa5bb323e71551b3125e8b45
SHA3-384 hash:	cbc0d0610c419fb9fcf10f8f71cd3a184f21e8ecbb4a0755a5b4005b18a16c4f444e4a020ce3d4de4c1eadaa4bdefe1b
SHA1 hash:	96ef652686721901687bed810d63b861c1683605
MD5 hash:	112d8a394fe68059ef2ab0f2529ca3f0
humanhash:	oven-friend-moon-montana
File name:	112d8a394fe68059ef2ab0f2529ca3f0.exe
Download:	download sample
File size:	4'492'288 bytes
First seen:	2022-10-29 06:40:01 UTC
Last seen:	2022-10-29 08:20:58 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep	98304:G/3rxb7+Gb1t2Lz+n6GO3mftn7GrSLVXIdJ4bSrkEL3:G/3tGGbr2LzB2ftn7GruX0J4bSnL
Threatray	114 similar samples on MalwareBazaar
TLSH	T1C92633A6CC1D1131D426DFB623D2F791A0B707238E3B9614A31A3BE984366D34AD9D7C
TrID	64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12) 25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6) 4.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.8% (.EXE) OS/2 Executable (generic) (2029/13) 1.8% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter	abuse_ch
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

294

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

112d8a394fe68059ef2ab0f2529ca3f0.exe

Verdict:

No threats detected

Analysis date:

2022-10-29 06:42:14 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/a47da584-9e45-427a-bd43-c9a1765e9b76

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/325765/

Detection(s):

SecuriteInfo.com.Win64.Evo-gen.11427.177.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

DNS request

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug packed

Link:

https://www.filescan.io/uploads/635ccac5cb7e23aaca4399d3/reports/3e7779c9-457f-48f9-bde6-af6f584250b2/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/08d02a06-cc09-4de7-806c-ba2de6049f6c

Result

Threat name:

Unknown

Detection:

malicious

Classification:

spyw.evad

Score:

92 / 100

Link:

https://www.joesandbox.com/analysis/1100796

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Snort IDS alert for network traffic

Tries to harvest and steal browser information (history, passwords, etc)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/63d3c658ed73776e08821a7917a13b342ef14c61aa5bb323e71551b3125e8b45/

Threat name:

Win64.Infostealer.Goback

Status:

Malicious

First seen:

2022-10-29 06:41:24 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

14 of 25 (56.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=mpj4mwhnon3w4cecdj4rpij3gqxpctdbvjn3gi7hcvi3ges6rncq._file

Verdict:

unknown

076be35a474ae63c118b15aff7bcf2bb4d97e6887c67ad63a49b466370fbd3fe

35ba668de0b81553c08865fa08b6d1dba20d36b7d284edf25d5f1b60f42f034b

65d77c6d99bfdf41472afef809ff3a719e16610ac76fc68994b10bbae824dc6d

677817a0182db451275cf23a4c1b96bb9d00ca6c3c50b244723bc6c0ef96b219

6f6e8e9441fa7b35c0b1676a69957404081ca8a357b38a6640adb38375a7424d

8847a0e33180494d34439bd327c2c1a5a6e59d977ced499f4f78991761e845ea

b61546030dbe1d3839d0244d814e48f88b36f70303750590b67cfed3486a4e8d

f8a941938484a00306232e77b8af41e7f81df56e4aa9864a2b59ea8ebfbc892b

fe98e1419e9ffe47ad09dfb3495b9c357bf3b4ae4b1bc179d2fd67c13a253068

+ 104 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

spyware stealer upx

Link:

https://tria.ge/reports/221029-hfnnvseeb9/

Behaviour

Reads user/profile data of web browsers

UPX packed file

Unpacked files

SH256 hash:

c099caf2c00694e7487bdb6b6f5bbc8525adb8e2c3246728ceebb74101394ed1

MD5 hash:

89c6d6360e986ee7e30393544c34e506

SHA1 hash:

526432d33ac22db25164b3e12bbb2ab0cb591280

Link:

https://www.unpac.me/results/3a0333a2-453c-46ff-adbe-e71a16e1c48c/

SH256 hash:

63d3c658ed73776e08821a7917a13b342ef14c61aa5bb323e71551b3125e8b45

MD5 hash:

112d8a394fe68059ef2ab0f2529ca3f0

SHA1 hash:

96ef652686721901687bed810d63b861c1683605

Link:

https://www.unpac.me/results/3a0333a2-453c-46ff-adbe-e71a16e1c48c/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/63d3c658ed73776e08821a7917a13b342ef14c61aa5bb323e71551b3125e8b45

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 63d3c658ed73776e08821a7917a13b342ef14c61aa5bb323e71551b3125e8b45

(this sample)

Cape

https://www.capesandbox.com/analysis/325765/

URLhaus

https://urlhaus.abuse.ch/url/2389814/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample