MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 676bbb9a36d0444aafb8f2d4d784a02e5d0246bcab6db076d3985e3af6322b92. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 676bbb9a36d0444aafb8f2d4d784a02e5d0246bcab6db076d3985e3af6322b92
SHA3-384 hash: bb8299d90ccc4432e73c234b9f8afe09a777486c756b28318158734b0bc8ea06773e30770861f8de05d9ae34880a48c6
SHA1 hash: 4bdcc46a45f3ed11a8f762394db1222c2cbc50fb
MD5 hash: 407612592f1dd05179fbf30b023c1f01
humanhash: sierra-vermont-orange-gee
File name:407612592f1dd05179fbf30b023c1f01
Download: download sample
File size:793'072 bytes
First seen:2022-04-03 18:51:12 UTC
Last seen:2022-04-03 19:46:37 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b4e5a48c3895bea05e33064b1f27428f
ssdeep 12288:Xb6uDmqKRhYMYMSoVgaKBaNsRcByHCVkVt+mda7EQTaf6:WhYkVgGNsRc4wn7EQ+f6
Threatray 610 similar samples on MalwareBazaar
TLSH T153F423D4F2948428ED997471AF778263C327B1EE9896472F23D63D3D6FE4694DC002A2
File icon (PE):PE icon
dhash icon 72fcd6dadadad2ce
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
200
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/260269/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware2.23914.30279.UNOFFICIAL
Create hunting rule

Win.Packed.Obsidium-9943095-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
Searching for analyzing tools
Сreating synchronization primitives
Creating a file in the %AppData% subdirectories
DNS request
Sending a custom TCP request
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/6249ecd4a19c649412c782ea/reports/ce9d35eb-54fa-473c-ae8c-ddd7b0d68490/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/9ef5fb2d-e0fa-465d-b55d-f0ac0149e49f
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/969609
Signature
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Detected unpacking (changes PE section rights)
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: File Created with System Process Name
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to evade debugger and weak emulator (self modifying code)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/676bbb9a36d0444aafb8f2d4d784a02e5d0246bcab6db076d3985e3af6322b92/
Threat name:
Win32.Exploit.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-04-03 18:52:50 UTC
File Type:
PE (Exe)
Extracted files:
168
AV detection:
12 of 26 (46.15%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
035135ef9ff11b79d5904a8ea08a1a430e6d9ca3d75bb30c0bd47d0f72486153
0d39fdc74c89e90f5952fc1352a22d9c1ed239453e5f6d98805aaeeedbce3022
26561f10cc120df745a1bbb4062af13aaf13129002ca36de757d11764849194f
2a0ceaf5ac0039a9409b47ebbe01ba3872726a6b6318bd697b8199396df49301
3c3bf835742e7a36b7a7c7866965e351077c08c48479f2cd988133bf65f22cef
3d616db3bac20e1f2aeb4aa9ad6c53a64fb2ae692ddd4dfbca34e7552a772c13
423603734e03a0601620dfa8522bbddfc14de5418da253167f46f3a14cca4979
5df70b6d4395c363a2f97843733996bceabfc71a9b30f6ef7361161b34b45bc6
f4ca00a988875fb8a01beeadd538610519b23866d0f16d27bb1c7e647d7a5a47
+ 600 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/220403-xh2qtscba7/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of NtSetInformationThreadHideFromDebugger
Adds Run key to start application
Unpacked files
SH256 hash:
aebad67cd1f1ca69795162fa7db6808f52270bbba7e31cc6277d482d06e1f3b4
MD5 hash:
697a2c8bd6029f3b31c2cb0d346f6afd
SHA1 hash:
9ef5f7fdf11d3e68b2b96fc8720c202bac1e7a61
Link:
https://www.unpac.me/results/9fa9e2e2-2522-413f-acc0-3f09fc440ca9/
SH256 hash:
676bbb9a36d0444aafb8f2d4d784a02e5d0246bcab6db076d3985e3af6322b92
MD5 hash:
407612592f1dd05179fbf30b023c1f01
SHA1 hash:
4bdcc46a45f3ed11a8f762394db1222c2cbc50fb
Link:
https://www.unpac.me/results/9fa9e2e2-2522-413f-acc0-3f09fc440ca9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/676bbb9a36d0444aafb8f2d4d784a02e5d0246bcab6db076d3985e3af6322b92

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 676bbb9a36d0444aafb8f2d4d784a02e5d0246bcab6db076d3985e3af6322b92

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2129617/
  
URLhaus
https://urlhaus.abuse.ch/url/2129618/
  
URLhaus
https://urlhaus.abuse.ch/url/2129624/
  
URLhaus
https://urlhaus.abuse.ch/url/2118396/
  
URLhaus
https://urlhaus.abuse.ch/url/2117688/
Cape
Cape
https://www.capesandbox.com/analysis/260269/

Comments


Avatar
zbet commented on 2022-04-03 18:51:13 UTC

url : hxxp://zonasertaneja.com.br/6/data64_5.exe