MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 70ebead6ea8cac65cb1fccb593f7751c6f9ca56333a828d7ce1f9b5c4e23f47a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 10

SHA256 hash: 70ebead6ea8cac65cb1fccb593f7751c6f9ca56333a828d7ce1f9b5c4e23f47a
SHA3-384 hash: 5456d47c85e637beb55763ec871e98299585faa44a8867c13c24ece6297b427a54329a223b1fcbc887ece1a232a63710
SHA1 hash: f5dc1bafc8eb5bc34166d8a7beecc3f1e5f99d29
MD5 hash: 01d648ecf27b3e9a6415af8fab167ac9
humanhash: arizona-nuts-fruit-william
File name: 01d648ecf27b3e9a6415af8fab167ac9
File size: 711'168 bytes
First seen: 2023-03-07 15:07:24 UTC
Last seen: 2023-03-07 17:30:20 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 039032eedb13fb00811bf4343043c31c (3 x Stealc)
ssdeep: 12288:19HFJI/fb/r6WEc0YqxK72b3VrX05jtPXqRTLn57I:19H/I/fbuWEc0VxKSb9XMtqNLn5
Threatray: 6 similar samples on MalwareBazaar
TLSH: T1A6E4D63AAA1604D6F56C0AF006AD5EE1B86F1D3BC98108517FCC7C79A4B0EB782D4767
TrID: 27.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      20.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
      18.6% (.EXE) Win32 Executable (generic) (4505/5/1)
      8.5% (.ICL) Windows Icons Library (generic) (2059/9)
      8.3% (.EXE) OS/2 Executable (generic) (2029/13)
dhash icon: c8e2eae6a292c2ce (1 x Stealc)
Reporter: zbetcheckin
Tags: 32 exe

Intelligence

File Origin
# of uploads: 3
# of downloads: 209
Origin country: n/a
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: 01d648ecf27b3e9a6415af8fab167ac9
Verdict: No threats detected
Analysis date: 2023-03-07 15:09:09 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean
Maliciousness:

Behaviour
Creating synchronization primitives
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: packed zbot

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family: Raccoon Stealer
Verdict: Malicious

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 68 / 100
Signature
Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:

Threat name: Win32.Trojan.Casdet
Status: Malicious
First seen: 2023-03-07 14:05:19 UTC
File Type: PE (Exe)
Extracted files: 12
AV detection: 21 of 25 (84.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SHA256 hash: e70c157391bef31d9396192be50a8375a6199f70d6fb534da81957462b91fd89
MD5 hash: d82829251c12448988854f969b98c8ed
SHA1 hash: f0fe4b79c8b215d35f5c311662b47cabb848fcd8

SHA256 hash: 70ebead6ea8cac65cb1fccb593f7751c6f9ca56333a828d7ce1f9b5c4e23f47a
MD5 hash: 01d648ecf27b3e9a6415af8fab167ac9
SHA1 hash: f5dc1bafc8eb5bc34166d8a7beecc3f1e5f99d29

Malware family: RecordBreaker
Verdict: Malicious

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Executable exe 70ebead6ea8cac65cb1fccb593f7751c6f9ca56333a828d7ce1f9b5c4e23f47a (this sample)

Delivery method: Distributed via web download

Comments

zbet commented on 2023-03-07 15:07:31 UTC

url : hxxp://194.87.35.101/nigga.exe