MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6cd7f067efbe74fc761f7404cf9c6fabb88fe2ac4a37d02701129e3ae7c8804a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6cd7f067efbe74fc761f7404cf9c6fabb88fe2ac4a37d02701129e3ae7c8804a
SHA3-384 hash: c01b256862fdd4593e2679d1f0d342e586ef4764abeb6aef71972a2b4401bf149d6dc5ac63087d2c8484f771432edd02
SHA1 hash: a5f9a6b9d17f9f40cde0d7f826d90c8fa098f343
MD5 hash: 327b89f460807cfca0690ae99b80e264
humanhash: william-missouri-whiskey-gee
File name:327b89f460807cfca0690ae99b80e264.exe
Download: download sample
File size:5'554'120 bytes
First seen:2023-12-07 17:02:53 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4b8ea275b01195301d047f45b8ba14d3
ssdeep 98304:swR/Nszok2LljW6WIWf60uxlvgIzp54X6Gp5P1u0/cJDINHCIzvdzR0c:rsxIlZWIguxlvL4X35Nd/pBCWdzL
Threatray 13 similar samples on MalwareBazaar
TLSH T1E746336176B25922D9044472BAA37DD4D83FDE0E3F76CC20F1D9F8499A9F129E13890B
TrID 34.7% (.EXE) UPX compressed Win32 Executable (27066/9/6)
34.1% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
8.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.7% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 69e0cc8edcdcd871
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
295
Origin country :
NL NL
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/463323/
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

SecuriteInfo.com.Trojan.Dropper.31741.31365.UNOFFICIAL
Create hunting rule

PUA.Win.Adware.Popuper-6888135-0
Create hunting rule

SecuriteInfo.com.Win32.CrypterX-gen.12161.24678.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Delayed reading of the file
Creating a file in the %temp% directory
Creating a window
Gathering data
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
lolbin overlay packed packed packed shell32 upx
Link:
https://www.filescan.io/uploads/6571facc3f60a810348b646e/reports/3f63bc69-290b-4f56-aaef-420a9147c2e9/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/6cd7f067efbe74fc761f7404cf9c6fabb88fe2ac4a37d02701129e3ae7c8804a
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/4e8670a0-6896-4189-83b7-8c1e79b4c42e
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1355652
Signature
Antivirus detection for URL or domain
Found stalling execution ending in API Sleep call
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6cd7f067efbe74fc761f7404cf9c6fabb88fe2ac4a37d02701129e3ae7c8804a/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ntl7az7pxz2py5q7oqcm7hdpvo4i7yvmji35ajybckpdvz6iqbfa._file
Verdict:
malicious
Similar samples:
04275c5d2841eaa0b7be87be8a0b302dfda0655600468d1c44be9e2306e977be
18d8d4867be3da0708abd7d2dabbddbaf0379153dbcba0ee79fcd27c9f51d033
63d3f232f7db00f79b0c6d5f9d10b7ef34b83a9004f95fe2fe77c45651ffbec7
6cd7f067efbe74fc761f7404cf9c6fabb88fe2ac4a37d02701129e3ae7c8804a
84797a3d9ba96cfdca01e2fe5e22bfa4a4ab6b4ec634a12afb21f2e8b8f40c8a
c29e577e7b74647d89bf62f5c74d676cf9deb9c2c56a32e8d0348aba3df90999
dadfc4f31c908c0f68f83eb44eaf1b7facdc5e4f3aeae445ca4df126bd9ab3c6
dcee5466363b7135d68a88f01c49bf97fd6e36651023c6e7849c78c20bcd1312
e614baa745a7048e2d5169c8d9e747a2befb33be07a1a27b09c195fdc3b402bc
+ 3 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
upx
Link:
https://tria.ge/reports/231207-vld3tsea27/
Behaviour
UPX packed file
Unpacked files
SH256 hash:
b5b2d3120dab8b5ac84342a64e8f36a2421ec9e37fc022ba0ada09917ce65fde
MD5 hash:
73a6acfc1d6a82e720a77c6057128ac2
SHA1 hash:
0f506bda49d39de7fd664f2997bfc24fb5e77d84
Link:
https://www.unpac.me/results/6a6cf0ae-a185-4a72-af78-a0d8150fbed8/
SH256 hash:
6cd7f067efbe74fc761f7404cf9c6fabb88fe2ac4a37d02701129e3ae7c8804a
MD5 hash:
327b89f460807cfca0690ae99b80e264
SHA1 hash:
a5f9a6b9d17f9f40cde0d7f826d90c8fa098f343
Link:
https://www.unpac.me/results/6a6cf0ae-a185-4a72-af78-a0d8150fbed8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6cd7f067efbe74fc761f7404cf9c6fabb88fe2ac4a37d02701129e3ae7c8804a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser
Create hunting rule
Author:malware-lu
Rule name:upx_3
Create hunting rule
Author:Kevin Falcoz
Description:UPX 3.X

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 6cd7f067efbe74fc761f7404cf9c6fabb88fe2ac4a37d02701129e3ae7c8804a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2230406/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/463323/
  
URLhaus
https://urlhaus.abuse.ch/url/2198205/

Comments