MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 74a0e4140ca9299aa29f32313740e66821324c97b2ec860fc7945ec0e6775a7c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	74a0e4140ca9299aa29f32313740e66821324c97b2ec860fc7945ec0e6775a7c
SHA3-384 hash:	b98206a913ee85a779f42bc78951ca0bda51fa01e4e7872b7b08272276b0ff94a21d60c4352d6b7e6d2fc6517892992c
SHA1 hash:	0f2c040be3062a3c4b237ad1161e1ac080758fd4
MD5 hash:	5f98e96d66d88c30f69019a5efee9750
humanhash:	delta-sink-carbon-lion
File name:	file
Download:	download sample
File size:	5'355'008 bytes
First seen:	2022-10-05 08:49:56 UTC
Last seen:	2022-10-14 11:51:07 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep	98304:USubb+yBI/M/+Kxh5pMnJ6U4+x9LBO9tm9nGY1nVgP6IB9lxzvT9l30Spx7zYFnZ:U9n7nMnJyCxq49nGs2yQzxzZl3jdEFnZ
Threatray	44 similar samples on MalwareBazaar
TLSH	T1F646333BE7A459A3D37114ADC17516818D3EA1632D373C2AEBF66334ACD0940BB66393
TrID	64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12) 25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6) 4.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.8% (.EXE) OS/2 Executable (generic) (2029/13) 1.8% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter	andretavare5
Tags:	exe

andretavare5

Sample downloaded from http://185.216.71.144/e5596/dd47c.exe

Intelligence

File Origin

# of uploads :

152

# of downloads :

235

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/316766/

Detection(s):

SecuriteInfo.com.Win64.Malware-gen.15503.3550.UNOFFICIAL

Result

Verdict:

Suspicious

Maliciousness:

Behaviour

Creating a file in the system32 subdirectories

Creating a file

Launching a process

Creating a process with a hidden window

Using the Windows Management Instrumentation requests

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-debug packed

Link:

https://www.filescan.io/uploads/633d453c90cb824e9da028bb/reports/29a46b8f-c920-48d9-8848-4d10716904d9/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/c34396dc-2845-4252-8664-21b4cbad71ad

Result

Threat name:

Unknown

Detection:

malicious

Classification:

spyw.evad

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/1083952

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Tries to harvest and steal browser information (history, passwords, etc)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/74a0e4140ca9299aa29f32313740e66821324c97b2ec860fc7945ec0e6775a7c/

Threat name:

Win64.Trojan.Privateloader

Status:

Malicious

First seen:

2022-10-05 08:50:33 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

17 of 26 (65.38%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=osqoifamveuzviu7giytoqhgnaqtetexwlwimd6hsrpmbztxlj6a._file

Verdict:

unknown

58e1eecd96750405a47327b00330180e4fc8aae4b0e6f89616d8d3cc9021fc9b

5bf3189b7d260930bbcaff2c228e948195d774d2542a6fe0a865a7e5b8b07c63

5d72a8ffcefedd15f16a8ac752b0e09fef6d9359c0019fa1627be76581358152

774fa8863d2cb1747c338ef9023103d535715b30b6d5450a9ee146663d77c89b

7fa5971fde4364c32e47c5a8e6b189fc214ffd019077f30c14fbfb4e240909e1

8b03872c981e72aa24fd680e3d8f49768341f2c86fdabe51f4e5302c41b194a7

b5ff5a9c19554d5531b7287615ce45e622ffc8d12b6c8d3f15e6c023e94bd452

cc81b5085ea098d0d117dfe38aa46b5513f66d34c23454c964cdd3f0864967e7

d06077790fb260d6c3ed4af601b5322446d2a0621eb8edf14af8438dc2c02a63

+ 34 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

spyware stealer upx

Link:

https://tria.ge/reports/221005-krldzsdge5/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Reads user/profile data of web browsers

UPX packed file

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/48007c2f-a15a-46c0-86c8-ee8b634758c0

Unpacked files

SH256 hash:

31cf2987e1a8b0f8a5e35af814a39094f237058153af10747b53314ee2807c3c

MD5 hash:

baac7bb0721148699abe095e1b7cb4a8

SHA1 hash:

dd491783de226232c9616450eba50e4618b6c938

Link:

https://www.unpac.me/results/ad62898d-27f5-4289-82ed-69dbef5a0a3c/

SH256 hash:

74a0e4140ca9299aa29f32313740e66821324c97b2ec860fc7945ec0e6775a7c

MD5 hash:

5f98e96d66d88c30f69019a5efee9750

SHA1 hash:

0f2c040be3062a3c4b237ad1161e1ac080758fd4

Link:

https://www.unpac.me/results/ad62898d-27f5-4289-82ed-69dbef5a0a3c/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/74a0e4140ca9299aa29f32313740e66821324c97b2ec860fc7945ec0e6775a7c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by

PrivateLoader

Delivery method

Distributed via drive-by

Cape

https://www.capesandbox.com/analysis/316766/

URLhaus

https://urlhaus.abuse.ch/url/2350889/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample