MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 68834992b1f069c50b69ef70bbac00639957b4918834b3171e9e5d07fd24c388. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA 1 File information Comments

SHA256 hash:	68834992b1f069c50b69ef70bbac00639957b4918834b3171e9e5d07fd24c388
SHA3-384 hash:	d9c351d131771b5add3efb72f28b609e5d72eef639e49fb51db3dd6cdc5410b80f028e8967c0f895fb71b2ccb46d96db
SHA1 hash:	523804c577809a1a7a086dab3eccf76adf2b4755
MD5 hash:	f260da8676343596e2d57ac389b6b0ea
humanhash:	texas-michigan-whiskey-fix
File name:	f260da8676343596e2d57ac389b6b0ea.exe
Download:	download sample
File size:	1'573'376 bytes
First seen:	2021-11-23 20:04:09 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	bbac62fd99326ea68ec5a33b36925dd1 (46 x AgentTesla, 38 x njrat, 27 x Formbook)
ssdeep	24576:k4lavt0LkLL9IMixoEgeaqQsegWRhpR4VnW3p375Antm+TiFwd1XwIFq9MmCS:zkwkn9IMHeaq6xKVnC78b9taPCS
Threatray	2'109 similar samples on MalwareBazaar
TLSH	T17675E00363DD83A0C3725233BA66B765AE7B7C2506B1F19B2FD5093DE960122522F673
File icon (PE):
dhash icon	71e8d2ccb892cc71 (8 x MailPassView)
Reporter	abuse_ch
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

159

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

f260da8676343596e2d57ac389b6b0ea.exe

Verdict:

Malicious activity

Analysis date:

2021-11-23 20:08:43 UTC

Tags:

stealer

Link:

https://app.any.run/tasks/2bd36e8d-3882-4789-8a34-3a7ec95077b9

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Gathering data

Detection(s):

Win.Malware.Autoit-9780500-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Creating a file in the %temp% directory

Running batch commands

Creating a process with a hidden window

Creating a process from a recently created file

Reading critical registry keys

DNS request

Sending a custom TCP request

Stealing user critical data

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

autoit greyware hacktool keylogger packed

Link:

https://www.filescan.io/uploads/619d4971b71ceed4152d6f11/reports/cbb0105d-06d0-4d5b-a1b9-ab3d66b1a300/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/78bd8054-8e38-4cc1-9f4d-17cad69b200f

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/68834992b1f069c50b69ef70bbac00639957b4918834b3171e9e5d07fd24c388/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2021-11-22 09:41:16 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

24 of 44 (54.55%)

Threat level:

5/5

Verdict:

malicious

3093fc14a0bb06b811cfd1551715b43f74fdbe75b179e27e44f737a2a1c7154c

36b9146fd7d45954b83a4da982270bc9274240acf44a683ef71e7387f784053a

57d392e13da883ae7f36912e3d766694b476623894ab80c1f5b35370cb8316d8

a1620dcffe511b88c80a6086691eca79f7a66edad2196ab265bba7278f2e431a

a4651a13c5c1ad76aa985712a38891333b3bdf02a46ed619aabcbfcbfd0ddb5e

a4c035de8a4edb11a8cfaef2f2f8326d8909578cf9d5a5534edd4eb9d5a50680

ac2f6be5e15c9c9344043219d8487fdbe92ad443fa23b195b4f4baee5500a5f9

bb69d8195203fcd1bf34f41dbbba581063c5e1550f103fbe403f5c50626fb2dc

f8292298f2fe8d14012c0c6d4b98ef47d38dfb0e8e359a81fbcfd338d915dfbb

+ 2'099 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

collection spyware stealer upx

Link:

https://tria.ge/reports/211123-ytvbkaech5/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Accesses Microsoft Outlook accounts

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

UPX packed file

Unpacked files

SH256 hash:

68834992b1f069c50b69ef70bbac00639957b4918834b3171e9e5d07fd24c388

MD5 hash:

f260da8676343596e2d57ac389b6b0ea

SHA1 hash:

523804c577809a1a7a086dab3eccf76adf2b4755

Link:

https://www.unpac.me/results/747fcb5c-9cc4-4d40-971a-de94699b3b5d/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/68834992b1f0/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/68834992b1f069c50b69ef70bbac00639957b4918834b3171e9e5d07fd24c388

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	AutoIT_Compiled Create hunting rule
Author:	@bartblaze
Description:	Identifies compiled AutoIT script (as EXE).

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/208809/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample