MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 756c48b8e22d22eaf24ad8c69928bcf1cbb08e63ef897eac21366f4f6bd2c403. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA 13 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 756c48b8e22d22eaf24ad8c69928bcf1cbb08e63ef897eac21366f4f6bd2c403
SHA3-384 hash: 446067675bcbdc00ace64fd02ba89387e6ade1d48fff3f31b5ff01cfa4977f9422b891ba0728d097a2d927c3309e175c
SHA1 hash: b5a2747a34b5ac66c64d631383de63412742ca5f
MD5 hash: 962824cca80e5383661a072b452812ef
humanhash: video-harry-carpet-floor
File name:962824cca80e5383661a072b452812ef
Download: download sample
File size:8'455'680 bytes
First seen:2024-01-05 00:39:28 UTC
Last seen:2024-01-07 19:36:22 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4f2f006e2ecf7172ad368f8289dc96c1 (40 x LummaStealer, 17 x CobaltStrike, 15 x Glupteba)
ssdeep 196608:0hOi698VEyHewhqN0q+LNazg+WqMyhFw6rrCi:6Oiik+uJxaTMyD
TLSH T17586124BBCD044BAD4BA533248A261927B72FC150F3223CB2A90F27C2F76BD15A75765
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter zbetcheckin
Tags:64 exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
333
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
amadey
Create hunting rule
ID:
1
File name:
e8e307f94d9319f62b20920b93bec8ad8fad2341a3fa1d072a0cd8257295d881.exe
Verdict:
Malicious activity
Analysis date:
2024-01-04 21:04:12 UTC
Tags:
autoit amadey botnet stealer loader redline kelihos trojan risepro evasion
Link:
https://app.any.run/tasks/f3cbccce-41ee-4a97-8598-e741a2f36176

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/469555/
Detection(s):
SecuriteInfo.com.FileRepMalware.24762.29809.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
go golang packed
Link:
https://www.filescan.io/uploads/65974fe3b855eb369313548b/reports/98634a4c-0473-4b7f-b8b3-45f30d0c4f03/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_90%
Link:
https://www.hybrid-analysis.com/sample/756c48b8e22d22eaf24ad8c69928bcf1cbb08e63ef897eac21366f4f6bd2c403
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
JaskaGO
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/6bdca74b-dc4e-4200-b41a-200f9ff7d042
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1370116
Signature
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Potentially malicious time measurement code found
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/756c48b8e22d22eaf24ad8c69928bcf1cbb08e63ef897eac21366f4f6bd2c403
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/756c48b8e22d22eaf24ad8c69928bcf1cbb08e63ef897eac21366f4f6bd2c403/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ovwerohcfurov4sk3ddjskf46hf3bdtd56ex5lbbgzxu626syqbq._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/240105-az7xvaefcm/
Unpacked files
SH256 hash:
756c48b8e22d22eaf24ad8c69928bcf1cbb08e63ef897eac21366f4f6bd2c403
MD5 hash:
962824cca80e5383661a072b452812ef
SHA1 hash:
b5a2747a34b5ac66c64d631383de63412742ca5f
Link:
https://www.unpac.me/results/92947da5-b92d-4ca2-a483-addf33f20bb9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.72
Link:
https://yomi.yoroi.company/submissions/756c48b8e22d22eaf24ad8c69928bcf1cbb08e63ef897eac21366f4f6bd2c403

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:command_and_control
Create hunting rule
Author:CD_R0M_
Description:This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
Rule name:DebuggerCheck__QueryInfo
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerException__ConsoleCtrl
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerException__SetConsoleCtrl
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:GoBinTest
Create hunting rule
Rule name:golang
Create hunting rule
Rule name:Golangmalware
Create hunting rule
Author:Dhanunjaya
Description:Malware in Golang
Rule name:golang_binary_string
Create hunting rule
Description:Golang strings present
Rule name:golang_duffcopy_amd64
Create hunting rule
Rule name:HiveRansomware
Create hunting rule
Author:Dhanunjaya
Description:Yara Rule To Detect Hive V4 Ransomware
Rule name:identity_golang
Create hunting rule
Author:Eric Yocam
Description:find Golang malware
Rule name:SEH__vectored
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:ThreadControl__Context
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 756c48b8e22d22eaf24ad8c69928bcf1cbb08e63ef897eac21366f4f6bd2c403

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/469555/
  
URLhaus
https://urlhaus.abuse.ch/url/2746448/
  
URLhaus
https://urlhaus.abuse.ch/url/2746456/

Comments


Avatar
zbet commented on 2024-01-05 00:39:29 UTC

url : hxxp://77.91.68.21/lend/macheri.exe