MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7020e56bede921b07264a366af2ab6c2454ee3da1d56382636edad0e620889f0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7020e56bede921b07264a366af2ab6c2454ee3da1d56382636edad0e620889f0
SHA3-384 hash: 1a62e88b983ca8bb11a7fa0ee0d0912a6ac03e40a27e35f26de0c540d64326acedf6dd554eb7e05b354eee567e7f8666
SHA1 hash: 6cfcbe6979b3efd65dcd67c6d14fc77784d80eb1
MD5 hash: 656ff8b577c1e177e3c414df7aa92e22
humanhash: football-carpet-island-johnny
File name:pnet.windows.386.exe
Download: download sample
File size:1'468'416 bytes
First seen:2022-12-11 07:47:51 UTC
Last seen:2022-12-11 09:34:08 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6ed4f5f04d62b18d96b26d6db7c18840 (254 x SalatStealer, 78 x BitRAT, 42 x RedLineStealer)
ssdeep 24576:xIRBKYLv0Tn3sy7iNRoXJEUeoOWTvARMpMzw23+wLIZ5CCp712Svm7Tb5vtHcZ5:xIRPLc78hNR6MWTvAe3tqIZ5CJBt
Threatray 17 similar samples on MalwareBazaar
TLSH T17265338ABB0DBBF5DE56B07DC1517B37919509DC30A3F04268A15661EB36C8B38BC392
TrID 32.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
28.9% (.EXE) Win32 Executable (generic) (4505/5/1)
13.0% (.EXE) OS/2 Executable (generic) (2029/13)
12.8% (.EXE) Generic Win/DOS Executable (2002/3)
12.8% (.EXE) DOS Executable Generic (2000/1)
Reporter ukycircle
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
162
Origin country :
JP JP
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/345119/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.63783447.907.6970.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/63958b339a505ad9423ee47e/reports/fcb05b90-c96e-43b6-ba92-0065a124c6b9/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/3a7ec90b-6824-4f8d-85ba-cc10d21db6e4
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1132130
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 764854 Sample: pnet.windows.386.exe Startdate: 11/12/2022 Architecture: WINDOWS Score: 48 13 Multi AV Scanner detection for submitted file 2->13 6 pnet.windows.386.exe 1 2->6         started        process3 dnsIp4 11 34.102.26.38, 1337 GOOGLEUS United States 6->11 9 conhost.exe 6->9         started        process5
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7020e56bede921b07264a366af2ab6c2454ee3da1d56382636edad0e620889f0/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-11-21 18:15:47 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
10 of 26 (38.46%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=oaqok27n5eq3a4teuntk6kvwyjcu5y62dvldqjrw5wwq4yqirhya._file
Verdict:
malicious
Similar samples:
08ff371dff7eb8283c675a14af2477eede676756cdd4d2252ee7239140445ec9
1d18f3af66886b4a7e5569c9ae0b93f72d444d76bd2be4ae2fb0090a208edae6
5bc5cdd0c50f063e0f356ea7279481080e101208e4e1f7698f656ff8b91f0685
7aa17be3b8a5d82c4ffcb0a88cf2a64339c59fceaea5201cf6c7b3c7c906cdc3
7cb014a9f7b5e2407867c0cabe5bc80770366b3bd1ecd511d1fdf3df4d27325e
c5b9950fefd4759acc3456930ff1d3f9b2406aef827b494d0bebe6cdc24ac2f2
e2a560ab014411433ad31ecfe13de3b561170660a86c726b2c803d94781f8680
f2f3f1913e42e3ec664efdb1d832809486a4a8bd6512d2bf92fa469b32445479
+ 7 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/221211-jm4jbsbc9y/
Behaviour
Suspicious use of AdjustPrivilegeToken
UPX packed file
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/b37cac04-237c-45fe-b8db-21c6f20a81a8
Unpacked files
SH256 hash:
0fb6ca4f8e3ea2c7c27b92491649731350292e0e13b013745d62b7d8262a0650
MD5 hash:
6597c79fe020dd1b650eac44fad45891
SHA1 hash:
8177e4d85bc0c7827943b36dcd043540fc0301dc
Link:
https://www.unpac.me/results/64d09c05-ea40-408d-8755-0194b731f0bc/
SH256 hash:
7020e56bede921b07264a366af2ab6c2454ee3da1d56382636edad0e620889f0
MD5 hash:
656ff8b577c1e177e3c414df7aa92e22
SHA1 hash:
6cfcbe6979b3efd65dcd67c6d14fc77784d80eb1
Link:
https://www.unpac.me/results/64d09c05-ea40-408d-8755-0194b731f0bc/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.21
Link:
https://yomi.yoroi.company/submissions/7020e56bede921b07264a366af2ab6c2454ee3da1d56382636edad0e620889f0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 7020e56bede921b07264a366af2ab6c2454ee3da1d56382636edad0e620889f0

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/345119/

Comments