MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 677817a0182db451275cf23a4c1b96bb9d00ca6c3c50b244723bc6c0ef96b219. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 677817a0182db451275cf23a4c1b96bb9d00ca6c3c50b244723bc6c0ef96b219
SHA3-384 hash: 7f88545a5e901fd972770d194c440b01b980c819c6fa6f405ac78a053a7cc9155af13dfc41155058ff2953894e391a72
SHA1 hash: dd89248d95ab45261b9549b18e7e6a7618f82327
MD5 hash: fd7c99840a8a0c74eb7b1420aacb010e
humanhash: leopard-sixteen-october-nitrogen
File name:file
Download: download sample
File size:4'490'240 bytes
First seen:2022-10-28 04:43:21 UTC
Last seen:2022-10-28 09:24:21 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep 98304:1rQR3Nb+4KKzahDusI5+c2dodQDtXvirn+ri:6x+4PzsDTI5gdoWpM+W
Threatray 110 similar samples on MalwareBazaar
TLSH T172263344EB46F376CB823D3A39FF1198F8E535778EB44461A5CF0850B92EAB4A0522CD
TrID 64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12)
25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6)
4.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.8% (.EXE) OS/2 Executable (generic) (2029/13)
1.8% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter jstrosch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
250
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/325334/
Detection(s):
SecuriteInfo.com.Win64.Evo-gen.15255.32380.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a file in the system32 subdirectories
Creating a file
Launching a process
Creating a process with a hidden window
Using the Windows Management Instrumentation requests
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug packed
Link:
https://www.filescan.io/uploads/635ba629a302f5faa5989a1e/reports/111aefa0-3308-4994-b27f-a1c73de4c300/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/3911b7ba-b043-45ef-91bc-d51ba04c9ef2
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/1100067
Signature
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/677817a0182db451275cf23a4c1b96bb9d00ca6c3c50b244723bc6c0ef96b219/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-10-21 21:18:01 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
20 of 41 (48.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=m54bpiayfw2fcj246i5eyg4wxooqbstmhrilerdshpdmb34wwimq._file
Verdict:
malicious
Similar samples:
02c1c4241e1211580f078778611ae7c11d6f7a5bdef75cf01cbb6a5185f1c3a8
076be35a474ae63c118b15aff7bcf2bb4d97e6887c67ad63a49b466370fbd3fe
35ba668de0b81553c08865fa08b6d1dba20d36b7d284edf25d5f1b60f42f034b
42c5acd0133e2653a0e4f9792906d42f16cf44c6ea920dca1edaf74618feb437
4a75a23c13301872f46f4530b071bc4534a211435d5a8d8534b1455735c571b1
65d77c6d99bfdf41472afef809ff3a719e16610ac76fc68994b10bbae824dc6d
6f6e8e9441fa7b35c0b1676a69957404081ca8a357b38a6640adb38375a7424d
b61546030dbe1d3839d0244d814e48f88b36f70303750590b67cfed3486a4e8d
f8a941938484a00306232e77b8af41e7f81df56e4aa9864a2b59ea8ebfbc892b
fe98e1419e9ffe47ad09dfb3495b9c357bf3b4ae4b1bc179d2fd67c13a253068
+ 100 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware stealer upx
Link:
https://tria.ge/reports/221028-fctdtseeg3/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Reads user/profile data of web browsers
UPX packed file
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/5afe6871-f173-4d4c-b3f6-869cb1a8ca84
Unpacked files
SH256 hash:
2f2910bcfc6d520cda54f230b005b9a2536e33805fe5dc1f02f312da2e962052
MD5 hash:
a581be68a5e022658c77b8307b2c15c1
SHA1 hash:
f08a42a7f97e7a89c1ffc55077e8cdb063c7aa10
Link:
https://www.unpac.me/results/2f2725dc-99ff-4322-bd3f-28c4c1102a7d/
SH256 hash:
677817a0182db451275cf23a4c1b96bb9d00ca6c3c50b244723bc6c0ef96b219
MD5 hash:
fd7c99840a8a0c74eb7b1420aacb010e
SHA1 hash:
dd89248d95ab45261b9549b18e7e6a7618f82327
Link:
https://www.unpac.me/results/2f2725dc-99ff-4322-bd3f-28c4c1102a7d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/677817a0182db451275cf23a4c1b96bb9d00ca6c3c50b244723bc6c0ef96b219

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 677817a0182db451275cf23a4c1b96bb9d00ca6c3c50b244723bc6c0ef96b219

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/325334/
  
URLhaus
https://urlhaus.abuse.ch/url/2389281/

Comments