MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 6f122f00adaab046587bde91f69868655c4491895c4d0716bf2ee479ce628a63. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 7
| SHA256 hash: | 6f122f00adaab046587bde91f69868655c4491895c4d0716bf2ee479ce628a63 |
|---|---|
| SHA3-384 hash: | d526d9d87d1606d838cdb231dd8df2db431df0eb565a78e8a7025652f4de0a6c4c761d73b3630c9372386c7e2dde343a |
| SHA1 hash: | b5e7bec08b6413bd9e4b6c0e6b74cbd0939ec5cb |
| MD5 hash: | 2409770bf94cfa7d511d7ec14af3abd9 |
| humanhash: | oklahoma-avocado-ack-floor |
| File name: | setup.exe |
| File size: | 1'295'576 bytes |
| First seen: | 2021-01-18 14:23:31 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash: | 0ffb0c1b03081ee555711ca0c1201c9d |
| ssdeep: | 24576:esSWkfRyE2ZcFGUEGNBffACErtoFAocYj+uY64YF5AjXEx2Je7CVSszVrmWW:0WJE2ZctEafitmGYj+uYP4D2VPrX |
| TLSH: | 2E551201B5D5C4B5EAF21F30A8B9C5A04EB9FC305E648ADF538479351F78680E938BA7 |
| Reporter: | Anonymous |
Intelligence
File Origin
| # of uploads: | 1 |
|---|---|
| # of downloads: | 130 |
| Origin country: | n/a |
Vendor Threat Intelligence
| Malware family: | n/a |
|---|---|
| ID: | 1 |
| File name: | setup.exe |
| Verdict: | Malicious activity |
| Analysis date: | 2021-01-18 14:27:19 UTC |
| Tags: | n/a |
| Note: | ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample |
| Detection: | n/a |
Detection(s):
Result
Verdict:
Malware
Maliciousness:
Behaviour
- Creating a file in the Program Files subdirectories
- Creating a process from a recently created file
- Creating a window
- Creating a service
- Sending a UDP request
- DNS request
- Sending a custom TCP request
- Transferring files using the Background Intelligent Transfer Service (BITS)
- Connection attempt
- Sending an HTTP GET request
- Creating a file in the %temp% directory
- Enabling the 'hidden' option for files in the %temp% directory
- Moving a file to the %temp% directory
- Deleting a recently created file
- Creating a file in the Windows subdirectories
- Changing a file
- Moving a file to the Program Files subdirectory
- Enabling autorun for a service
- Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
| Threat name: | Unknown |
|---|---|
| Detection: | suspicious |
| Classification: | n/a |
| Score: | 36 / 100 |
Signature
Malicious sample detected (through community Yara rule)
Behaviour
Behavior Graph:
Verdict:
malicious
Result
| Malware family: | n/a |
|---|---|
| Score: | 10/10 |
| Tags: | discovery macro persistence spyware xlm |
Behaviour
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
- Modifies data under HKEY_USERS
- Drops file in Program Files directory
- Checks installed software on the system
- JavaScript code in executable
- Checks computer location settings
- Loads dropped DLL
- Reads user/profile data of web browsers
- Executes dropped EXE
- Modifies Installed Components in the registry
- Sets file execution options in registry
- Suspicious Office macro
- Registers COM server for autorun
Unpacked files
| SHA256 hash | MD5 hash | SHA1 hash |
|---|---|---|
| e12b0ce094901b1b5424eb072d2552058406e1c1d11f83e999521a14d107662e | 57d7d805f3ff928749b511a3186adb34 | bc83c29cc7a1d78d7379aee504fb0101d401f646 |
| 3cc81880ece9228f52626e4a867bd5e3b4e7d28eaf8146164cc6b3e92a68cf82 | a0ca75417767ae650fd91c1ce92df575 | 50dee2e18e143a25cd38bc8a1a6c86023e913de7 |
| a40ee743a2e2a814c72efa70b77c94b4ee0da0449da2e6cb121599f6d9408168 | 2730471feec56d7b34c028bf4580c260 | 190541b254a46b3780a0c582db0c2172a1038c59 |
| 92ea9b731c1d24160cd2ee4cdcb86a2819dd4f5424025f0eae6ea27d5474cb79 | 601660a5e0dd4a03ec849764845aa84a | 7f855bc66b35d5917554827fff488ae822cb1bde |
| 892f5df950ccc66a93e82fad97bf9d974e2f6e04825edc42ffa69c0a41273572 | e9098738b26f6bf7cff40445bbed8d03 | 49be95ea2e2974a174ae877ef6c71623b18cc16d |
| 6f122f00adaab046587bde91f69868655c4491895c4d0716bf2ee479ce628a63 (this sample) | 2409770bf94cfa7d511d7ec14af3abd9 | b5e7bec08b6413bd9e4b6c0e6b74cbd0939ec5cb |
Please note that we are no longer able to provide a coverage score for VirusTotal.
| Threat name: | Malicious File |
|---|---|
| Score: | 1.00 |
File information
The table below shows additional information about this malware sample such as delivery method and external references.
| Delivery method: | Distributed via web download |
|---|---|
| Web download: | exe 6f122f00adaab046587bde91f69868655c4491895c4d0716bf2ee479ce628a63 (this sample) |