MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6dce59b0eefdba6cc3bd0251bdd553c9657af4ca2f72c584eb1c923cdc551378. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 11

SHA256 hash: 6dce59b0eefdba6cc3bd0251bdd553c9657af4ca2f72c584eb1c923cdc551378
SHA3-384 hash: 061a40f834ebb343228676432924307a1fc28bd6b6bf8c2128f4523c4472cd8d8170fe41cb5ac66bea019f578e4ad637
SHA1 hash: 52b77faeb0bb8d33ce6f1567413682ab4233cf1b
MD5 hash: b1a59ca4344b779d643a66e15c99b76a
humanhash: mobile-three-eleven-robin
File name: file
File size: 1'959'512 bytes
First seen: 2023-01-17 02:17:33 UTC
Last seen: 2023-01-17 15:07:05 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: ce58adf3abf4a0c8aa0648da9ca028eb
ssdeep: 24576:kGBSQoridqB3GZBa2N938V3eqEUwxTLqu3LV3Fx0jywdib10RHsX3wNSRx4:kItqk38V3Uft7Nwyr10GwNqx4
Threatray: 1 similar sample on MalwareBazaar
TLSH: T13295CF77E1B1E1A2E58B7571F3C6C29F826332A531CCD3BEA16D8017F24DA96C897241
TrID:
  47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
  9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
  6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
dhash icon: f0dcacc8cce8f0cc
Reporter: andretavare5
Tags: exe, signed

Code Signing Certificate

Organisation: *.dnsmadeeasy.com
Issuer: Sectigo RSA Domain Validation Secure Server CA
Algorithm: sha256WithRSAEncryption
Valid from: 2022-06-13T00:00:00Z
Valid to: 2023-06-25T23:59:59Z
Serial number: 8cc57368ec43e9036c24523b9754b67c
Thumbprint algorithm: SHA256
Thumbprint: 630558c62fbf0f12563fd1ba20706b1e0af98b57582399a56656863b33b28bfb
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform


andretavare5: Sample downloaded from https://www.isurucabs.lk/SAM.exe

Intelligence


File Origin
# of uploads: 12
# of downloads: 228
Origin country: n/a

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: file
Verdict: Malicious activity
Analysis date: 2023-01-17 02:17:58 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean
Maliciousness:
Behaviour:
  Searching for the window
  Sending a custom TCP request

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
  MalwareBazaar
  SystemUptime
  MeasuringTime
  EvasionQueryPerformanceCounter
  CheckCmdLine
  EvasionGetTickCount
Verdict: No Threat
Threat level: 2/10
Confidence: 80%
Tags: greyware, overlay, packed

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Mustang Panda
Verdict: Malicious

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature:
  Machine Learning detection for sample
  Multi AV Scanner detection for submitted file
Behaviour:
  Behavior Graph:
Threat name: Win32.Trojan.Privateloader
Status: Malicious
First seen: 2023-01-17 02:18:07 UTC
File type: PE (Exe)
Extracted files: 7
AV detection: 10 of 26 (38.46%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour:
  Suspicious behavior: EnumeratesProcesses
Unpacked files

SHA256 hash: 331e1c6bb7e7fb3f238933c45c38a057c37fb3a98e9a8af6ab9350c67bac1ddc
MD5 hash: 7ef6d39a2ff59708288e65e641effbed
SHA1 hash: cf46540a689024f2f6a9b78066eb732d1f43d52c

SHA256 hash: 6dce59b0eefdba6cc3bd0251bdd553c9657af4ca2f72c584eb1c923cdc551378
MD5 hash: b1a59ca4344b779d643a66e15c99b76a
SHA1 hash: 52b77faeb0bb8d33ce6f1567413682ab4233cf1b

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: pdb_YARAify
Author: @wowabiy314
Description: PDB

Rule name: shellcode
Author: nex
Description: Matched shellcode byte patterns

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by: PrivateLoader
Delivery method: Distributed via drive-by

Comments