MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 64a7430b38a7770cc06682d05eb43f07ff858df73b67f0d4bdcd737702f8219c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 64a7430b38a7770cc06682d05eb43f07ff858df73b67f0d4bdcd737702f8219c
SHA3-384 hash: 3a8366ec40e02b6f87e000c051e6be8c7ada078e312d4dd8adb967691dc1f818fedfe2102c671082367e1b8c2a5fd953
SHA1 hash: 3d98b7f2b612dcdf39ad4c448e0dde5561860353
MD5 hash: e6d39bdffa37f92a8acc0ee57c6a830f
humanhash: kansas-chicken-leopard-diet
File name:e6d39bdffa37f92a8acc0ee57c6a830f.exe
Download: download sample
File size:1'388'776 bytes
First seen:2023-01-06 20:31:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 69eb46a9f63edcc604b0bdaaa8e0f2f5 (2 x DCRat, 1 x Lazagne, 1 x RedLineStealer)
ssdeep 24576:Ri0kCfunWh78HRtzzWBYEeYB7sAMnM8IGUtuYgQPQ+sF/mCO7zwY4YSrTFrZ/eTn:wPu8TeJdsrLIngQPdsF//xYSn+tYc5
Threatray 238 similar samples on MalwareBazaar
TLSH T19355126463A018F9FDB6153EC842D106D6B1BC120750D69B43E49EB73F237A2AC7B7A1
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon aebc385c4ce0e8f8 (10 x PythonStealer, 7 x RedLineStealer, 7 x DCRat)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
174
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
e6d39bdffa37f92a8acc0ee57c6a830f.exe
Verdict:
No threats detected
Analysis date:
2023-01-06 20:37:25 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4c77b764-0a2d-46cc-a62f-6ab7c3475ea4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/350270/
Detection(s):
SecuriteInfo.com.FileRepMalware.19164.4498.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Tags:
greyware overlay packed
Link:
https://www.filescan.io/uploads/63b88549bf1064ac5b2de256/reports/f7ce2447-1ba9-4211-aaca-6758c4d9f7bc/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
ElevenClock
Create hunting rule
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/a388aef6-af27-41f7-81fa-2363ec1d9e92
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1146709
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 779442 Sample: YSOdPJDhd4.exe Startdate: 06/01/2023 Architecture: WINDOWS Score: 48 10 Multi AV Scanner detection for submitted file 2->10 6 YSOdPJDhd4.exe 1 2->6         started        process3 process4 8 conhost.exe 6->8         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/64a7430b38a7770cc06682d05eb43f07ff858df73b67f0d4bdcd737702f8219c/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-01-06 14:44:25 UTC
File Type:
PE+ (Exe)
Extracted files:
14
AV detection:
4 of 39 (10.26%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mstugczyu53qzqdgqlif5nb7a77yldpxhnt7bvf5zvzxoaxyegoa._file
Verdict:
unknown
Similar samples:
0a664f3b560443c990bc9a773f1cbc94ff01e86bc26a4846b715253491c67db8
393520554a19f1a2dc6c362b4c4eb97bd62caadc8489545c1f6fc57aae91cc58
61b16d71a76f83cef63d079b0735cd0a1cee24f1119063e28ef1f227f2bb27c4
6cd361e9bd237d7dfed999883bacd2665e954815aeb2ba6942345e85d6568241
76f4028be569b642d396b8e8936779493280aabcc3329f9058c19e78936c113e
c9dd5ad8e1a4b2f30743465a874b3ce4ac0e3657683678fb1fb7477a1f8ebe98
d074db16525688d38bd4d33669e2406e7ab6cc6f5e2d039dafe019f419622416
e0b5142a0af8f9cf06f8e7cb073828711c38a9c47a906d820300d79a7dbce186
eb1bc9a5f5c530c8a4d271f626906fe986e5622fe4c635aceb77e95898978654
+ 228 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
pyinstaller
Link:
https://tria.ge/reports/230106-zbad4sbg54/
Unpacked files
SH256 hash:
64a7430b38a7770cc06682d05eb43f07ff858df73b67f0d4bdcd737702f8219c
MD5 hash:
e6d39bdffa37f92a8acc0ee57c6a830f
SHA1 hash:
3d98b7f2b612dcdf39ad4c448e0dde5561860353
Link:
https://www.unpac.me/results/122ec9f1-1fab-4f68-958e-7e57435d90e4/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/64a7430b38a7770cc06682d05eb43f07ff858df73b67f0d4bdcd737702f8219c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:PyInstaller
Create hunting rule
Author:@bartblaze
Description:Identifies executable converted using PyInstaller.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 64a7430b38a7770cc06682d05eb43f07ff858df73b67f0d4bdcd737702f8219c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2474385/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/350270/

Comments