MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6aab235d3e2c5d65a036d081f65a694c60ce9289c20c9bb386dde89bc31099b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 6aab235d3e2c5d65a036d081f65a694c60ce9289c20c9bb386dde89bc31099b3
SHA3-384 hash: 124dd7d449bec494921e373f85206d4b979f9022bc4e2ff91954dcb2ccb073dd17aa21351dccf769185ccab8222fc7bc
SHA1 hash: f621c9cb44a4400106dd03b14def99b029947c6e
MD5 hash: ee38bbf9ccc6d608ec884c8e92367de4
humanhash: muppet-foxtrot-georgia-speaker
File name: flashplayerpp_install_cn.exe
File size: 1'350'728 bytes
First seen: 2021-07-12 08:58:53 UTC
Last seen: 2021-07-12 09:59:17 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 10f3801fcfe7b499e82e3ba049338ab0
ssdeep: 24576:p0qaTPrNlGmh4mzCledp0Xb20QJphIhFza4/0rBHYyIHZTHK:p0jPr7nOmEEp0Xb2bJ4Fza/rBHYf0
Threatray: 19 similar samples on MalwareBazaar
TLSH: T15755236AD75CEA12D9C679F4C59B3BCD4BB9BF0D283687F81E826C48F8152431A381C5
Reporter: JAMESWT_WT
Tags: BIOPASS exe Legit signed

Code Signing Certificate

Organisation: Adobe Inc.
Issuer: DigiCert EV Code Signing CA (SHA2)
Algorithm: sha256WithRSAEncryption
Valid from: 2019-01-31T00:00:00Z
Valid to: 2021-02-03T12:00:00Z
Serial number: 0d2caccd3e9eec06738410ba31bf6595
Intelligence: 2 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm: SHA256
Thumbprint: ac6728ffef0af0fdaeb6ad1a17400e91b06890358626e1d37989f400da23d82a
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 2
# of downloads: 121
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 6145270430859264.zip
Verdict: Malicious activity
Analysis date: 2020-12-05 03:43:41 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Malware family: n/a
Score: 3/10
Tags: n/a

Behaviour
Modifies Internet Explorer settings
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Program crash
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments



NI@FI@70 commented on 2021-07-14 13:51:24 UTC

not sure if it is Biopass, not on the IoC List https://www.trendmicro.com/en_us/research/21/g/biopass-rat-new-malware-sniffs-victims-via-live-streaming.html