MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 75520762f93c99c79ebac6081437b0b1ebf7122b1bcc1942484ea5de8e06a1ea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	75520762f93c99c79ebac6081437b0b1ebf7122b1bcc1942484ea5de8e06a1ea
SHA3-384 hash:	b3f0ae20fb895cd70bac11cbaf814e62d375cd1325ba1c66bdcfa9d2d6193768714289cd688325443d2dbed3cf99e490
SHA1 hash:	4e4c496524a3ab300dca5a5491b0da6d1afbdaf2
MD5 hash:	5831c6df32e0af0440e3a684095197f9
humanhash:	tango-six-oven-sad
File name:	5831c6df32e0af0440e3a684095197f9.exe
Download:	download sample
File size:	4'467'200 bytes
First seen:	2022-11-07 11:34:20 UTC
Last seen:	2022-11-11 06:23:05 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep	98304:HhabZkuVRP1cfly3bXwitnj/RQCOky7CQLi/Gf5rKVwBRa:HIFPVRPiM3bAitja8gCrGfmwBI
Threatray	127 similar samples on MalwareBazaar
TLSH	T1052633FFB1514777DC1ADDED93BA653CAE85F132CB023917023AA86D1B4B12AF1A6140
TrID	64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12) 25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6) 4.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.8% (.EXE) OS/2 Executable (generic) (2029/13) 1.8% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter	abuse_ch
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

146

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

ficker

ID:

File name:

file

Verdict:

Malicious activity

Analysis date:

2022-11-07 03:17:26 UTC

Tags:

installer loader evasion trojan ficker stealer

Link:

https://app.any.run/tasks/aad0263f-cdf3-4ddf-816e-8ea961ddca02

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/329865/

Detection(s):

SecuriteInfo.com.Win64.Trojan-gen.2416.20765.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-debug packed

Link:

https://www.filescan.io/uploads/6368ed6a15611f8d8bf94eb3/reports/36108aea-d7db-4e55-ab98-0de1f0be2527/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/2a87b89b-6af2-4f3b-94a6-26bec1231802

Result

Threat name:

Unknown

Detection:

malicious

Classification:

spyw.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/1107208

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Queries memory information (via WMI often done to detect virtual machines)

Tries to harvest and steal browser information (history, passwords, etc)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/75520762f93c99c79ebac6081437b0b1ebf7122b1bcc1942484ea5de8e06a1ea/

Threat name:

Win64.Trojan.Goback

Status:

Malicious

First seen:

2022-11-07 07:43:51 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

19 of 26 (73.08%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ovjaoyxzhsm4phv2yyebin5qwhv7oerldpgbsqsij2s55dqguhva._file

Verdict:

unknown

2e557bd01d811580bda017fd1d1070d56d722e7d261474f2b404410f55ec1abc

46925967d26cb4373de322bde604948b21a6100822d52b003c82eb88f42668e6

52fbe26c4b9fd1f8fae6d4840ef6741eb6c8bcd4f137f9139ae49b15d1590b20

5d624f8e7057338458913360aa8187f73df438184232eca592e12b37d0b2781a

65d77c6d99bfdf41472afef809ff3a719e16610ac76fc68994b10bbae824dc6d

6f6e8e9441fa7b35c0b1676a69957404081ca8a357b38a6640adb38375a7424d

7ec738bfdf48fd3a07f87eee1bf8f17a4d790b97263e9655106369c642bff090

f8a941938484a00306232e77b8af41e7f81df56e4aa9864a2b59ea8ebfbc892b

ff3ae8fff0d1862d4bde8f61e0ed14ef76d6d2cc6d940bb83dc0b4cfdacc2752

+ 117 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

spyware stealer upx

Link:

https://tria.ge/reports/221107-np187sgbgm/

Behaviour

Reads user/profile data of web browsers

UPX packed file

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/b077ef4c-1bc5-40e9-8897-163d10b7c664

Unpacked files

SH256 hash:

fffa3cb279394f9c5e9dab454f3ff51d45b52c4756287bbe6744b74abb307cfd

MD5 hash:

659e3d9b0f9aac484fc0753e5dfa3a14

SHA1 hash:

24b4393a50ed045c00bc191e3666e8c58a8025d0

Link:

https://www.unpac.me/results/291f54b7-accd-47ea-ac8f-830c05ff2b3f/

SH256 hash:

75520762f93c99c79ebac6081437b0b1ebf7122b1bcc1942484ea5de8e06a1ea

MD5 hash:

5831c6df32e0af0440e3a684095197f9

SHA1 hash:

4e4c496524a3ab300dca5a5491b0da6d1afbdaf2

Link:

https://www.unpac.me/results/291f54b7-accd-47ea-ac8f-830c05ff2b3f/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/75520762f93c99c79ebac6081437b0b1ebf7122b1bcc1942484ea5de8e06a1ea

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 75520762f93c99c79ebac6081437b0b1ebf7122b1bcc1942484ea5de8e06a1ea

(this sample)

Cape

https://www.capesandbox.com/analysis/329865/

URLhaus

https://urlhaus.abuse.ch/url/2289584/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample