MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 658b6d4e6818841a04b492f151d118adb2c8888edbebd98ebc6247566b35af6c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 658b6d4e6818841a04b492f151d118adb2c8888edbebd98ebc6247566b35af6c
SHA3-384 hash: 965c5cb4b30e9036dcb7c54f1ca558202df5719cada65effdc5cc08cef3fc3e22f88b7483eb4b0d579ef96d32e1b5f42
SHA1 hash: 03832cac4a7c5d5f40534a76a1bffadf2295ccd5
MD5 hash: 5f34088c4b9340fd1c46d67e3bc9416d
humanhash: cat-undress-bulldog-gee
File name: 658b6d4e6818841a04b492f151d118adb2c8888edbebd98ebc6247566b35af6c
File size: 1'022'073 bytes
First seen: 2020-06-03 09:02:02 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 28a099a911237a28521d8b7ea250f089
ssdeep: 24576:WYT6pzT4ov6kF43c1HfctE+kFkgu9hwipTKoK2D32Vjo:WDj1NH+Ehkpwi1zK2D32Vs
Threatray: 440 similar samples on MalwareBazaar
TLSH: 3225235CDC4356B0EE265735124EE67F52285D22D4234E0AEF913DB27EB38D0933AB89
Reporter: raashidbhatt
Tags: exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 57
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Adware.Crossrider
Status: Malicious
First seen: 2020-06-04 03:26:00 UTC
AV detection: 26 of 31 (83.87%)
Threat level: 2/5

Result
Malware family: n/a
Score: 9/10
Tags: discovery evasion spyware

Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
NSIS installer
Checks installed software on the system
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Checks for common network interception software
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
