MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 69a62a1fb4b844bf19b8e17432a7aada5947d9ff5e73fefda01f2b571f5dfa9a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 69a62a1fb4b844bf19b8e17432a7aada5947d9ff5e73fefda01f2b571f5dfa9a
SHA3-384 hash: f92385b4165b6fff6589615075c60bf109142cd41cdeddbab7f78161ad607c2f0dfd537667c99eebfa11a902781fc415
SHA1 hash: 61acfc6aa85fab6b4aada2cc1f839e0fefee0243
MD5 hash: 42fbba1533273c141a7705139e594d70
humanhash: august-speaker-black-triple
File name:virussign.com_42fbba1533273c141a7705139e594d70
Download: download sample
File size:253'952 bytes
First seen:2022-07-13 14:17:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a64e048b98d051ae6e6b6334f77c95d3 (7 x Berbew)
ssdeep 6144:mqVibi+XT83nL0qzdwOSzhrQD2s68RXT83nL0qzdwOSL:JVijw3P+hrYw3P0
Threatray 77 similar samples on MalwareBazaar
TLSH T186449D873A638E7ADDF644F70B794A4740DF9565036DC19A029E5E44BF232CC3829A8F
TrID 47.2% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter KdssSupport
Tags:exe


Avatar
KdssSupport
Uploaded with API

Intelligence

File Origin
# of uploads :
1
# of downloads :
117
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/287206/
Detection(s):
Win.Trojan.Crypted-29
Create hunting rule

Win.Trojan.Crypted-30
Create hunting rule

Win.Dropper.Berbew-9106192-0
Create hunting rule

Win.Malware.Yakes-9669964-0
Create hunting rule

Win.Malware.Jaik-6803944-0
Create hunting rule

Win.Malware.Qukart-6838239-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a file in the Windows subdirectories
Creating a process from a recently created file
Creating a process with a hidden window
Enabling autorun
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
comsvcs.dll greyware overlay packed
Link:
https://www.filescan.io/uploads/62ced4898dab2096b99439cb/reports/13982e20-ad7d-44d8-a1b5-8f343df6a9d5/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/5f8a7912-6eeb-4d82-a47e-ee75dac3ee03
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/69a62a1fb4b844bf19b8e17432a7aada5947d9ff5e73fefda01f2b571f5dfa9a/
Threat name:
Win32.Backdoor.Berbew
Create hunting rule
Status:
Malicious
First seen:
2022-07-07 01:46:42 UTC
File Type:
PE (Exe)
Extracted files:
5
AV detection:
25 of 26 (96.15%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ngtcuh5uxbcl6gny4f2dfj5k3jmupwp7lzz757nad4vvoh257kna._file
Verdict:
malicious
Similar samples:
18a264cf0b0b02294946916321d4c47563300896c4ec5541950416c0c88c3366
452f8859d1b67e0bf9e98be9babbaf597ff1fade06ad646d306ec1cc15cee0e5
477435b5dffab09deb3fbc0ceba951a59608ff19d66c794b0895ae45cac38a01
707c055aa684e94d9d59fe9c23b186fbe8badf4b189eb8df215fcf94da7c0e7b
93250c493eb18e3d5239f8386453d1e1b26bb2f6d3f47a9038132b6da217c2b6
9601c268a4fab57aeda5c79ce310d4e7364dbc643a526b6d80599d23459f1dfd
a4df4e0de251fdc2d1c250c93b784c60773e366bde6eb7ead3f807f0945dd8bd
b399f7597a61aaf1eb5fc44e64786ec1625712c8ca4005f8f60b3c5430d724e3
e2221376087f037a9f493a0da138f301a6ceab55dc11b5a27d3998c4e46cd472
f53bdad654d80edc2e2ee1203f5a36315569dcec2e29ad6770783c56287b268d
+ 67 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence
Link:
https://tria.ge/reports/220713-rmav1sabc2/
Behaviour
Modifies registry class
Suspicious use of WriteProcessMemory
Program crash
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
Adds autorun key to be loaded by Explorer.exe on startup
Unpacked files
SH256 hash:
e8e1600fd031734da7c3e0a59d754e7132b49e06c3356b14edef16955659ef2f
MD5 hash:
18c345d4e6cd65efd22b3c3b5e54a015
SHA1 hash:
352bf2f73a337590094178d75b434d0c666074ef
Link:
https://www.unpac.me/results/a369cd47-57e3-45b1-b472-ebb2ee31d5db/
SH256 hash:
013221c07214398d0318ef33ab96d8c01e406a5f1d30aae93ec03cd8c08f6c1e
MD5 hash:
b2ee6bd02541c14577bb15a59857ada6
SHA1 hash:
c6c79a840ac7f1b2d80448ef42bd6691b6bd26d1
Link:
https://www.unpac.me/results/a369cd47-57e3-45b1-b472-ebb2ee31d5db/
SH256 hash:
69a62a1fb4b844bf19b8e17432a7aada5947d9ff5e73fefda01f2b571f5dfa9a
MD5 hash:
42fbba1533273c141a7705139e594d70
SHA1 hash:
61acfc6aa85fab6b4aada2cc1f839e0fefee0243
Link:
https://www.unpac.me/results/a369cd47-57e3-45b1-b472-ebb2ee31d5db/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/69a62a1fb4b844bf19b8e17432a7aada5947d9ff5e73fefda01f2b571f5dfa9a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 69a62a1fb4b844bf19b8e17432a7aada5947d9ff5e73fefda01f2b571f5dfa9a

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/287206/

Comments