MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6feed7d5f7d9776c69963076fdb46de01b8ff9253a84b9e086e0beefc85a181d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6feed7d5f7d9776c69963076fdb46de01b8ff9253a84b9e086e0beefc85a181d
SHA3-384 hash: ac73bc740b12f51084bf5110928973207d2a49b08a04a9a7ea8db2395b6cd82039ea87b2f80b82327cc226cd186bb62e
SHA1 hash: 434637dbff391e4c0012fa493d53ef571a465c07
MD5 hash: c762341624a305f91883921f9f17d3eb
humanhash: queen-louisiana-pip-nuts
File name:c762341624a305f91883921f9f17d3eb.exe
Download: download sample
File size:554'496 bytes
First seen:2020-12-29 07:45:17 UTC
Last seen:2020-12-29 10:12:09 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2144f9c12885542d4a4f22de64e840e1 (26 x RedLineStealer, 24 x Smoke Loader, 13 x RaccoonStealer)
ssdeep 12288:lae1P4FsOc5TalzuErrPD+sx/hOK7aTyyrJR2ONupKD/SV:PP4Flialzue/+sbzW3+OC
Threatray 7 similar samples on MalwareBazaar
TLSH 97C42349435710F3E5805CB8611CB4E1BB82E850AAF2BDF0AE36DD1F5974ED7864DB12
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
150
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
c762341624a305f91883921f9f17d3eb.exe
Verdict:
Malicious activity
Analysis date:
2020-12-29 07:50:03 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/d9979aaf-f87f-4dcd-ab93-0c2b6dd19abd

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/109713/
Detection(s):
PUA.Win.Packer.Upolyx-12
Create hunting rule

PUA.Win.Packer.Upx-4
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Blocking the Windows Defender launch
Rewriting of the hard drive's master boot record
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/571262
Signature
Contains functionality to infect the boot sector
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6feed7d5f7d9776c69963076fdb46de01b8ff9253a84b9e086e0beefc85a181d/
Threat name:
Win32.Trojan.DiskWriter
Create hunting rule
Status:
Malicious
First seen:
2020-12-28 21:32:47 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
281de330768f7e2231f3984b2fbac04bf9f7f2b2d4fb3c2f91d6ba2eab8d546c
99ddbc06f3ec84f50661bb88036fd872308af6f5841a9730cc020c5b7467a3c0
b7de56f8c1d25037dbded37355d0cd8219f68d38683913de1e000c2c50159143
bb338ad009e5f738ff8e482959c3af1fd0d9d68864e8a5574087d53b427aee76
cd291b0afa870e36bcd70dfc9c4db4cd0d82ddc5b110bfc0ddd644455174b39a
ed545d941919632591e31377799e17181448dc29acb80d9bca885a1995a00057
f69bdd82ca22268d090832707e37b1cae408ba96476843b55feedac11acc6277
Result
Malware family:
n/a
Score:
  8/10
Tags:
bootkit persistence upx
Link:
https://tria.ge/reports/201229-9ktrf9ctjs/
Behaviour
Suspicious use of AdjustPrivilegeToken
Writes to the Master Boot Record (MBR)
Unpacked files
SH256 hash:
03a30ef3df8b5041fc12dff970fc69c1f3c8735b976c04b6cb6f453b45b31e36
MD5 hash:
eba51c644a8e6a3f5a927bca551b9e5f
SHA1 hash:
78f4529d95c32b109614daa24546a900a0832d20
Link:
https://www.unpac.me/results/d56f4023-96b5-4d90-bb7f-3859bbc18756/
SH256 hash:
cf98c75ab336ef7984818017b906c3ab0d19931373d9e31a94070a590cca24a9
MD5 hash:
3d09e0981adb03816430e02654e2b23e
SHA1 hash:
5245fcf9fa5078d3861fd92b53b5361f63578381
Detections:
win_pitou_auto
Create hunting rule
Link:
https://www.unpac.me/results/d56f4023-96b5-4d90-bb7f-3859bbc18756/
Parent samples :
281de330768f7e2231f3984b2fbac04bf9f7f2b2d4fb3c2f91d6ba2eab8d546c
b7de56f8c1d25037dbded37355d0cd8219f68d38683913de1e000c2c50159143
ed545d941919632591e31377799e17181448dc29acb80d9bca885a1995a00057
bb338ad009e5f738ff8e482959c3af1fd0d9d68864e8a5574087d53b427aee76
99ddbc06f3ec84f50661bb88036fd872308af6f5841a9730cc020c5b7467a3c0
cd291b0afa870e36bcd70dfc9c4db4cd0d82ddc5b110bfc0ddd644455174b39a
6feed7d5f7d9776c69963076fdb46de01b8ff9253a84b9e086e0beefc85a181d
SH256 hash:
6feed7d5f7d9776c69963076fdb46de01b8ff9253a84b9e086e0beefc85a181d
MD5 hash:
c762341624a305f91883921f9f17d3eb
SHA1 hash:
434637dbff391e4c0012fa493d53ef571a465c07
Link:
https://www.unpac.me/results/d56f4023-96b5-4d90-bb7f-3859bbc18756/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Glupteba
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6feed7d5f7d9776c69963076fdb46de01b8ff9253a84b9e086e0beefc85a181d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:suspicious_packer_section
Create hunting rule
Author:@j0sm1
Description:The packer/protector section names/keywords
Reference:http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 6feed7d5f7d9776c69963076fdb46de01b8ff9253a84b9e086e0beefc85a181d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/943972/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/109713/

Comments