MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6cd361e9bd237d7dfed999883bacd2665e954815aeb2ba6942345e85d6568241. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6cd361e9bd237d7dfed999883bacd2665e954815aeb2ba6942345e85d6568241
SHA3-384 hash: 046882a6a95d4d53aa91a00e4dc57d7c7b7483d5aad938719220913963c45da5f285a504edf6dbe011f131c97fc9e0e9
SHA1 hash: 282a0ca7f103ac616994784fa78ead77fa22f102
MD5 hash: 7cb9460f9c43e15aaa19eb45bf2ce944
humanhash: oven-beryllium-happy-video
File name:7cb9460f9c43e15aaa19eb45bf2ce944
Download: download sample
File size:17'919'934 bytes
First seen:2022-12-20 13:49:54 UTC
Last seen:2023-08-26 20:53:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 69eb46a9f63edcc604b0bdaaa8e0f2f5 (2 x DCRat, 1 x Lazagne, 1 x RedLineStealer)
ssdeep 393216:HxxJhooqHHlt5mdQuslFwdFqPMfnq3+d95SW85UTAxoI:HvJ+zHH3wdQuBFq0qOd9EW85sAx7
Threatray 3'764 similar samples on MalwareBazaar
TLSH T11C07332BF2510CCAD8DD173749DB822A2A90BD198B64D10F47F47A971DDB2A17E37B20
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon aebc385c4ce0e8f8 (10 x PythonStealer, 7 x RedLineStealer, 7 x DCRat)
Reporter zbetcheckin
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
192
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
7cb9460f9c43e15aaa19eb45bf2ce944
Verdict:
Malicious activity
Analysis date:
2022-12-20 13:51:07 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/957957bd-6534-470f-b937-6ea313441b79

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.FileRepMalware.19164.4498.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% subdirectories
Running batch commands
Creating a process with a hidden window
Sending a custom TCP request
Gathering data
Result
Verdict:
MALICIOUS
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/960c4493-2309-45bb-8d46-a7ecd33c9884
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1137963
Signature
Multi AV Scanner detection for submitted file
Potentially malicious time measurement code found
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 770693 Sample: CX3kyBhxm9.exe Startdate: 20/12/2022 Architecture: WINDOWS Score: 52 16 Multi AV Scanner detection for submitted file 2->16 7 CX3kyBhxm9.exe 502 2->7         started        process3 signatures4 18 Potentially malicious time measurement code found 7->18 10 CX3kyBhxm9.exe 1 7->10         started        12 conhost.exe 7->12         started        process5 process6 14 cmd.exe 1 10->14         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6cd361e9bd237d7dfed999883bacd2665e954815aeb2ba6942345e85d6568241/
Threat name:
Win64.Infostealer.Disco
Create hunting rule
Status:
Malicious
First seen:
2022-12-16 19:02:52 UTC
File Type:
PE+ (Exe)
Extracted files:
2442
AV detection:
9 of 26 (34.62%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ntjwd2n5en6x37wztgedxlgsmzpjksavv2zlu2kcgrpilvswqjaq._file
Verdict:
unknown
Similar samples:
30b39abec09a0975936b022b05e4a8b6e2fe34cb52c533a1fdfb2f9832152b74
4c3e6e0a44cec929b36ea43075ddb2d952c8fe7c19ee1b61de1e4f5b896a2147
5a07bc69ad4a2437e2a2ee9913a60fc6f147a895ea5d82bc2c1e3103a0b54454
61b16d71a76f83cef63d079b0735cd0a1cee24f1119063e28ef1f227f2bb27c4
76f4028be569b642d396b8e8936779493280aabcc3329f9058c19e78936c113e
8befc91b605e2dd3ee8917f6e4b2ab943ec7900d257b704955c2defc0328b4d8
8f6e203a52757cdb71ffbf15b696f0518f17862579863e139af08fafe1e1feb6
b71c27f07c3367ed0733d3bfc17eec9d101a955cf1f8af003ed8977584778d87
d1833d29e63b708289b27d78dbe7604f2a072f2fa853121e29ca13428d81e35e
+ 3'754 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
pyinstaller
Link:
https://tria.ge/reports/221220-q496rshf96/
Behaviour
Suspicious use of WriteProcessMemory
Loads dropped DLL
Unpacked files
SH256 hash:
6cd361e9bd237d7dfed999883bacd2665e954815aeb2ba6942345e85d6568241
MD5 hash:
7cb9460f9c43e15aaa19eb45bf2ce944
SHA1 hash:
282a0ca7f103ac616994784fa78ead77fa22f102
Link:
https://www.unpac.me/results/cf8f2489-cdf7-4a47-bc72-6c9a266b10fd/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6cd361e9bd237d7dfed999883bacd2665e954815aeb2ba6942345e85d6568241

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:PyInstaller
Create hunting rule
Author:@bartblaze
Description:Identifies executable converted using PyInstaller.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 6cd361e9bd237d7dfed999883bacd2665e954815aeb2ba6942345e85d6568241

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2474385/

Comments


Avatar
zbet commented on 2022-12-20 13:50:08 UTC

url : hxxp://37.77.239.239:8752/crypted/nVidiaControllSetup.exe