MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6e9c61198478075bc0662fa4c8faf5e183cd43f97fff11296c2f9e371bf6d49c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	6e9c61198478075bc0662fa4c8faf5e183cd43f97fff11296c2f9e371bf6d49c
SHA3-384 hash:	8b7a64bf1a46a4f8a74c58cee5c490e243ae43b4137d81b1c1dd719fed6c600ecfafdf12828496fd5713595803bf3a89
SHA1 hash:	0f57ffdf84beb17760275a1e53de5bc777b00fe9
MD5 hash:	4535190349c16eef5ad9921fad54791c
humanhash:	colorado-asparagus-four-freddie
File name:	SecuriteInfo.com.Win64.Malware-gen.20796.18706
Download:	download sample
File size:	14'230'750 bytes
First seen:	2022-07-26 19:49:41 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	0d29bd8bf9dcd1e5820ccb1eb99fb2de
ssdeep	393216:zp3yDZ866uhSdLSb2sWAXPR6Pvv7opYUZJgaQlC+658Zg1:zpM96uhSdOb2sDXPR6Pv0pYmJgaQTceo
Threatray	6 similar samples on MalwareBazaar
TLSH	T185E633D3F582349CF89B817775CA8A76E4D17C4A6A02691202B03F60BFBDEC39B4465D
TrID	43.3% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 27.6% (.EXE) Win64 Executable (generic) (10523/12/4) 13.2% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.3% (.EXE) OS/2 Executable (generic) (2029/13) 5.2% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):
dhash icon	d4903292e2ccb4c0 (13 x Formbook, 8 x AgentTesla, 4 x NanoCore)
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

355

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Win64.Malware-gen.20796.18706.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Sending a custom TCP request

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/27548/overview

Behaviour

MalwareBazaar

GetTempPath

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug overlay packed python shell32.dll

Link:

https://www.filescan.io/uploads/62e045eca2f481deb96b4fa9/reports/437bcaac-7b04-413f-b577-731d1114ca7a/overview

Result

Verdict:

MALICIOUS

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/5a6c5e7f-fe86-4881-9323-875b2b1aa99b

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/1041410

Signature

Icon mismatch, binary includes an icon from a different legit application in order to fool users

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6e9c61198478075bc0662fa4c8faf5e183cd43f97fff11296c2f9e371bf6d49c/

Threat name:

Win64.Trojan.Generic

Status:

Suspicious

First seen:

2022-07-26 19:50:32 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

9 of 26 (34.62%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=n2ogcgmepadvxqdgf6smr6xv4gb42q7zp77rcklmf6pdog7w2soa._file

Verdict:

unknown

41104b0bca83d8661e6b5d4522777deaaf76d5242e9796150de0e11a1602286d

438a7ec2cc82a114b13aa6b44ae9b044597d1d0643ec1d138a39fe24628fe4df

6399814e06253b852792dccb2e02cd468233cf5ada2ed39e5f7202e8d24f8901

cf68ac02858c0053067b47b24338b564aeb92f25310765a2bad8928174285a62

fde6da45bacb901c194e7443ed04aba47a388cb5ee4fb193f0e528e1abc4cabb

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/220726-yj9cqsdfbp/

Unpacked files

SH256 hash:

6e9c61198478075bc0662fa4c8faf5e183cd43f97fff11296c2f9e371bf6d49c

MD5 hash:

4535190349c16eef5ad9921fad54791c

SHA1 hash:

0f57ffdf84beb17760275a1e53de5bc777b00fe9

Link:

https://www.unpac.me/results/595e07d5-eeb3-4e5f-b3df-d7b47e0340f7/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 6e9c61198478075bc0662fa4c8faf5e183cd43f97fff11296c2f9e371bf6d49c

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2261442/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample