MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a9728c46e511314ffdc255613b40b0adae653a86c6117791844d61dfed92aa9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6a9728c46e511314ffdc255613b40b0adae653a86c6117791844d61dfed92aa9
SHA3-384 hash: ecc099d0ec3c1980b2a3f404351ea76eb0f779e1f9e5b9a9925e9c30551328a9f7cdef68dfcfcba1485b4a924c6f58e0
SHA1 hash: 8f999b21ad744d50463cb4783eef0572e24db8d3
MD5 hash: 23eb3bef08f5a5831a1caaa89d44362d
humanhash: cold-winner-one-diet
File name:23eb3bef08f5a5831a1caaa89d44362d
Download: download sample
File size:556'032 bytes
First seen:2021-11-27 04:32:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fc6683d30d9f25244a50fd5357825e79 (92 x Formbook, 52 x AgentTesla, 23 x SnakeKeylogger)
ssdeep 12288:u5m8ZlWk6VT6qIm9qCZb5rTa8kdVXpPwixoEySmITYDH0NRTEJ+T1:5O+DD9qCZb5rTa8UPPnN5mITYDsR++T1
TLSH T1F1C41269D05498B1D2665B71C832CE9918B0BC31EF80363D6719F16EB831743EE9BE2D
File icon (PE):PE icon
dhash icon aae2f3e38383b629 (2'034 x Formbook, 1'183 x CredentialFlusher, 666 x AgentTesla)
Reporter zbetcheckin
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
162
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
23eb3bef08f5a5831a1caaa89d44362d
Verdict:
No threats detected
Analysis date:
2021-11-27 04:36:10 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4ff0d745-ac5f-40e8-aa41-16de3a5509c3

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
Win.Dropper.Razy-6646749-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
DNS request
Sending a custom TCP request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
nymeria packed razy
Link:
https://www.filescan.io/uploads/61a1b501f36138de3f40a797/reports/9cfe2642-9393-4095-b6c2-14839ff5f855/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/76b65317-50b9-4046-b835-999fd365a2fb
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/897065
Signature
Multi AV Scanner detection for submitted file
Uses Windows timers to delay execution
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6a9728c46e511314ffdc255613b40b0adae653a86c6117791844d61dfed92aa9/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-11-25 22:27:18 UTC
File Type:
PE+ (Exe)
Extracted files:
42
AV detection:
17 of 28 (60.71%)
Threat level:
  5/5
Verdict:
unknown
Result
Malware family:
n/a
Score:
  10/10
Tags:
evasion trojan upx
Link:
https://tria.ge/reports/211127-e6jk2sggbk/
Behaviour
Checks processor information in registry
Delays execution with timeout.exe
Modifies system certificate store
NTFS ADS
Script User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Windows directory
Deletes itself
Windows security modification
Executes dropped EXE
UPX packed file
Modifies Windows Defender Real-time Protection settings
Unpacked files
SH256 hash:
6a9728c46e511314ffdc255613b40b0adae653a86c6117791844d61dfed92aa9
MD5 hash:
23eb3bef08f5a5831a1caaa89d44362d
SHA1 hash:
8f999b21ad744d50463cb4783eef0572e24db8d3
Link:
https://www.unpac.me/results/fac94d8a-3559-41a7-a3ef-5e844b4c956b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6a9728c46e511314ffdc255613b40b0adae653a86c6117791844d61dfed92aa9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 6a9728c46e511314ffdc255613b40b0adae653a86c6117791844d61dfed92aa9

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1822340/

Comments


Avatar
zbet commented on 2021-11-27 04:32:47 UTC

url : hxxp://host-coin-data-1.com/files/4272_1637854103_5496.exe