MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6ec7aa60afcb5b409e55f0a47ff4ba273f1c9e28f7bd5c9f32b1d749ccad0719. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown

Vendor detections: 9

SHA256 hash: 6ec7aa60afcb5b409e55f0a47ff4ba273f1c9e28f7bd5c9f32b1d749ccad0719
SHA3-384 hash: 2726dd5178e1eb803d518176e5c020b30b258cd1eba85685621de0af1332e30c731e404aa44d7580fbf49166a5144e9e
SHA1 hash: 8c44d167aee396e6beaa4a4fbe93e6022d204b05
MD5 hash: 8a4cf899ce66a577228da0c737e1c21f
humanhash: burger-michigan-burger-illinois
File name: 6ec7aa60afcb5b409e55f0a47ff4ba273f1c9e28f7bd5c9f32b1d749ccad0719
File size: 2'685'952 bytes
First seen: 2021-11-24 12:18:42 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ef471c0edf1877cd5a881a6a8bf647b9 (74 x Formbook, 33 x Loki, 29 x Loda)
ssdeep: 49152:wOA+peSvcvoeq9YRshho3lbeE3mArXRheDtbHxUi6Ph0Tj/mgmykBHTQ1maf4L/C:pr9cvo9Yqno3lbe8mArXRheDtbHxN6PG
Threatray: 1 similar samples on MalwareBazaar
TLSH: T192C5338644055579F8C53DB0423DB8E05B47349B4C9AB2921CABCACDA9B7ED3E3E160F
dhash icon: 61c48ece8eaee4e1
Reporter: Anonymous
Tags: exe

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 106
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 6ec7aa60afcb5b409e55.zip
Verdict: Malicious activity
Analysis date: 2021-07-23 13:01:38 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Launching a process
Creating a file in the %temp% directory
Enabling the 'hidden' option for files in the %temp% directory
Creating a process from a recently created file
Creating a process with a hidden window
Creating a file
Creating synchronization primitives
Searching for synchronization primitives
DNS request
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: black greyware packed
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 60 / 100
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Sample is not signed and drops a device driver
Behaviour
Behavior Graph:
Behavior Graph ID: 527811
Sample: oC5GjSQb7P
Start date: 24/11/2021
Architecture: WINDOWS
Score: 60
Process tree (recovered from the graph image):
oC5GjSQb7P.exe started (signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file)
  dropped C:\Users\user\AppData\Local\Temp\7za.exe (PE32)
  7za.exe started
    dropped C:\Users\user\AppData\Local\...\isoshl64.dll (PE32+)
    dropped C:\Users\user\AppData\Local\...\bootpt64.sys (PE32+)
    dropped C:\Users\user\AppData\Local\...\bootpart.sys (PE32)
    dropped 5 other files (none is malicious)
    signature: Sample is not signed and drops a device driver
    conhost.exe started
  UltraISO.exe started
Threat name: Win32.Trojan.Pynamer
Status: Malicious
First seen: 2018-01-28 10:30:58 UTC
File Type: PE (Exe)
Extracted files: 198
AV detection: 29 of 45 (64.44%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Loads dropped DLL
Executes dropped EXE
UPX packed file
Unpacked files
SHA256 hash: 203e2f0d90422eb9c39e93987bfd249cc32f182ae3e86e836488b7a4b90fd3a1
MD5 hash: 75a1e24d06d4516c3c67dfd7a5075b71
SHA1 hash: 415ccdc218df4e1e219a4bc50fc543ea411376a9

SHA256 hash: 076f79c0fc34a2ab22449b81a28bbc9584b583534eb311fc945bab87ddf2bf88
MD5 hash: d776b889b65f60729b4a5b1736700b47
SHA1 hash: 294bea1d007d83909b1683ac1129a939671da08c

SHA256 hash: c4314b7a9c49baeaafe52caa4b04353095d599cde9ada6ecc6918260dcfdeec6
MD5 hash: f2ed9a252af214d94a0dcbeced8e407b
SHA1 hash: 029e8121a3f74e129c5f78fa0c642c44c6f2684c

SHA256 hash: 06b5cd93059ccda04955eab8435a44106e6eabec58e2fde53d0be9f88243d2a4
MD5 hash: 4049eb53ab25c85f3921c24afb6f851b
SHA1 hash: 34379a1f310ca8c34558dc3078ab3bda086fe1cc

SHA256 hash: 6ec7aa60afcb5b409e55f0a47ff4ba273f1c9e28f7bd5c9f32b1d749ccad0719
MD5 hash: 8a4cf899ce66a577228da0c737e1c21f
SHA1 hash: 8c44d167aee396e6beaa4a4fbe93e6022d204b05
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments