MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 65d77c6d99bfdf41472afef809ff3a719e16610ac76fc68994b10bbae824dc6d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 65d77c6d99bfdf41472afef809ff3a719e16610ac76fc68994b10bbae824dc6d
SHA3-384 hash: 37408c41d25cb49d79dd3aef662d8e80b1e7fd8efb3e7e98730b1ca1b34a7753eb4f3cb0761fedc9d746a07baccbb692
SHA1 hash: 454773e14818ddcd18f0d5c7d770ee64611f03cd
MD5 hash: 72bb89449f18177af0ab1d2d5570a696
humanhash: bulldog-summer-alpha-utah
File name:72bb89449f18177af0ab1d2d5570a696
Download: download sample
File size:4'492'288 bytes
First seen:2022-10-19 01:39:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep 98304:RM8Zh7jDK7K9EsLas8ih5O8P19yUbJMrdMDxXVazaA6H9:R/ZBK7cay5tvyUbJMJMlXUa9d
Threatray 90 similar samples on MalwareBazaar
TLSH T1BE2633738DF81409C703E432507F696B5EEA765A391BE6183FC39C4D2727A104FAADA1
TrID 64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12)
25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6)
4.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.8% (.EXE) OS/2 Executable (generic) (2029/13)
1.8% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter zbetcheckin
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
279
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
ficker
Create hunting rule
ID:
1
File name:
https://bazaar.abuse.ch/download/4440750f1c62039c30a02a77ab88df8267585bd8541cf35a3d83a7efef3cf563/
Verdict:
Malicious activity
Analysis date:
2022-10-18 22:23:14 UTC
Tags:
opendir loader evasion trojan ficker stealer raccoon recordbreaker
Link:
https://app.any.run/tasks/a5d051e9-f333-4602-a075-e26afffcffa5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/321542/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.62886069.4125.18515.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug packed trickbot
Link:
https://www.filescan.io/uploads/634f5573898b0652a4b8e11c/reports/b5c6013f-7fcc-4a8a-b362-21922f27ee4b/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/0d2f96eb-9baf-4bb7-83c6-ccf2b26eefc4
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/1093139
Signature
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/65d77c6d99bfdf41472afef809ff3a719e16610ac76fc68994b10bbae824dc6d/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-10-17 20:22:04 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
17 of 41 (41.46%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mxlxy3mzx7pucrzk734at7z2ogpbmyiky5x4ncmuwef3v2be3rwq._file
Verdict:
malicious
Similar samples:
118cdcd151285cd394c469adb600eec673af5962b08c5bdd71ae165f1b6b0b96
52fbe26c4b9fd1f8fae6d4840ef6741eb6c8bcd4f137f9139ae49b15d1590b20
5d72a8ffcefedd15f16a8ac752b0e09fef6d9359c0019fa1627be76581358152
6375c2e53e3dc7c6bfb8a0c0b83f8e3c7490d1067804479e991dfcd2c900ece8
74a0e4140ca9299aa29f32313740e66821324c97b2ec860fc7945ec0e6775a7c
8b03872c981e72aa24fd680e3d8f49768341f2c86fdabe51f4e5302c41b194a7
b68aac66f4d1490eef02edd08bd9a7d58ea388f0fe601ace2e3c15cbf4bfe215
cc81b5085ea098d0d117dfe38aa46b5513f66d34c23454c964cdd3f0864967e7
d06077790fb260d6c3ed4af601b5322446d2a0621eb8edf14af8438dc2c02a63
ff3ae8fff0d1862d4bde8f61e0ed14ef76d6d2cc6d940bb83dc0b4cfdacc2752
+ 80 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware stealer upx
Link:
https://tria.ge/reports/221019-b3jj4aehhk/
Behaviour
Reads user/profile data of web browsers
UPX packed file
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/97915c17-2b93-46ec-a682-9a7d6c93bffc
Unpacked files
SH256 hash:
84c87e22247bdcda4c085220722acad7290ad18e2d5f72837bd7b3576d965ce3
MD5 hash:
ba0980a74099fb2d9c8aa2c8e8ea6b72
SHA1 hash:
801bbfb4b788cfa1179f4f419bd773fc0163b563
Link:
https://www.unpac.me/results/e668c56f-d1cd-48b4-8913-aaebdd7dbee6/
SH256 hash:
65d77c6d99bfdf41472afef809ff3a719e16610ac76fc68994b10bbae824dc6d
MD5 hash:
72bb89449f18177af0ab1d2d5570a696
SHA1 hash:
454773e14818ddcd18f0d5c7d770ee64611f03cd
Link:
https://www.unpac.me/results/e668c56f-d1cd-48b4-8913-aaebdd7dbee6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/65d77c6d99bfdf41472afef809ff3a719e16610ac76fc68994b10bbae824dc6d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 65d77c6d99bfdf41472afef809ff3a719e16610ac76fc68994b10bbae824dc6d

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/321542/
  
URLhaus
https://urlhaus.abuse.ch/url/2289584/

Comments


Avatar
zbet commented on 2022-10-19 01:39:20 UTC

url : hxxp://89.208.104.172/bebra.exe