MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 76f7bf0fdd9b10a084a69aa6dd475426c1d335f7e0d26544af7cbed40e86a762. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	76f7bf0fdd9b10a084a69aa6dd475426c1d335f7e0d26544af7cbed40e86a762
SHA3-384 hash:	8b4687e414dd5dd9231c6e0e5610d69d62e9c5e85c7bced8faffa316e3164bcf85cb5ac8f1a7ecbc2e294e66462eff1e
SHA1 hash:	b9ccf9624c28a1014afe59ce4cd665015a1966db
MD5 hash:	2a81fc63f8ce9d0f8a89fcfc936e72be
humanhash:	sink-winner-seventeen-white
File name:	2a81fc63f8ce9d0f8a89fcfc936e72be.exe
Download:	download sample
File size:	1'413'352 bytes
First seen:	2021-09-09 07:15:52 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	bfbc360c6a2a20fc6e98b50e62a61f43 (2 x ArkeiStealer, 1 x Glupteba)
ssdeep	24576:ZlNTv5OZIOrC9KSKNmPBWzejqv/twGNR4NjgTHfxiQ0NuSxEkyatMuiv7FeBVhCB:iWB4N2BWzDl49gbfZx0uQM9IZCDhv
Threatray	148 similar samples on MalwareBazaar
TLSH	T15665123077A0C020E1A626B045B5937D643ABE71AB3414CB73EB2BAE4B34AE5DD31757
dhash icon	9824e7d0c4e72158 (35 x RedLineStealer, 23 x Smoke Loader, 14 x ArkeiStealer)
Reporter	abuse_ch
Tags:	exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

105

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

2a81fc63f8ce9d0f8a89fcfc936e72be.exe

Verdict:

Suspicious activity

Analysis date:

2021-09-09 07:39:44 UTC

Tags:

installer

Link:

https://app.any.run/tasks/28067403-4686-4094-acd0-b6670c825167

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/186520/

Detection(s):

Win.Packed.Generic-9891562-0

Win.Packed.Generic-9891606-0

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Reading critical registry keys

Sending a UDP request

Malware family:

Malicious Packer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/d9ae064d-707d-4609-9684-094ea0d2dfeb

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/847884

Signature

Detected unpacking (changes PE section rights)

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/76f7bf0fdd9b10a084a69aa6dd475426c1d335f7e0d26544af7cbed40e86a762/

Threat name:

Win32.Spyware.Convagent

Status:

Malicious

First seen:

2021-09-09 07:16:22 UTC

AV detection:

19 of 44 (43.18%)

Threat level:

2/5

Verdict:

malicious

Similar samples:

03bd08dfdc557bf5a36855d4b9e5d364117804639e1486784a33e6d32800e368

349d8acfa7f788d6c886016688df9857ee7a915f7690871231c8ca39a5bf2948

39200e0a9a72adb8213b75772aa54fdca104688e6f446f88c7624beb93c29ea3

3e44aaf53dce4bee54658ad0a4ceecf11d73809de59eaad7c652c0e816304bd5

490c8bedb62d1c720cc16ffcc5816fbc3f10fbbb9a071831c2b1c0b0f0f63f7c

53bf1311760dbf64ec106e6fe8cc3fd94d0c2bb401d73fb97be4817fcddb5720

5bb23f104b0bbe34ef6c9fbc006e9423cf61ca54ea3557d423a212968a9761b2

8674d82a2e51082639b66e7e4c93a30f24f378e4f060979d16da85da4e0efe20

cf76b2cc655f76e7df806a1d5061747e098d5be4ce291f956d838852a7fabdec

dcb59ed473432e8eef60258c0be54aca0b362e43bc531172c70584ab9984d768

+ 138 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210909-h3w9hsfga5/

Behaviour

Suspicious behavior: GetForegroundWindowSpam

Unpacked files

SH256 hash:

b7bc59e4108211b606350bcf9ac55df7c658cd8baf4482c95519f0137f9ef9e7

MD5 hash:

743cd6fc1bd84e5dbdb4f2dcef222bb9

SHA1 hash:

460e7ffbc16809cb2be86e52f3bef47294d2f95d

Link:

https://www.unpac.me/results/61da1605-e94d-47d0-a32a-144f3e9cb336/

SH256 hash:

76f7bf0fdd9b10a084a69aa6dd475426c1d335f7e0d26544af7cbed40e86a762

MD5 hash:

2a81fc63f8ce9d0f8a89fcfc936e72be

SHA1 hash:

b9ccf9624c28a1014afe59ce4cd665015a1966db

Link:

https://www.unpac.me/results/61da1605-e94d-47d0-a32a-144f3e9cb336/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/76f7bf0fdd9b10a084a69aa6dd475426c1d335f7e0d26544af7cbed40e86a762

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 76f7bf0fdd9b10a084a69aa6dd475426c1d335f7e0d26544af7cbed40e86a762

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1562715/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/186520/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample