MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a7d62a2e8d69d5523b3a40ec412102140479b638b4dbfd072fd2e7723d01e10. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 7a7d62a2e8d69d5523b3a40ec412102140479b638b4dbfd072fd2e7723d01e10
SHA3-384 hash: dd7bbf46478912bd55e4ec6800df0b84e4ffb46955c70efd8a483a235312ddd1331b61e89418f2837238335f576602f6
SHA1 hash: 0160e2786f9b1c5e38b6ea2ec04118f5ab15d0b4
MD5 hash: 8bed49b101c6aad33e50c52cc7d25435
humanhash: delaware-texas-green-comet
File name: SecuriteInfo.com.BehavesLike.Win32.MultiPlug.cc.11230
File size: 139'264 bytes
First seen: 2020-12-09 13:02:41 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 0c628ce26631f0c09e28725b059e600a (1 x RedLineStealer)
ssdeep: 3072:uHpQlE3Lwd4jAy9eJm5YYrN+9fuAQQ7oCBMQXBw:YAEbw2D9x5Yq+9GCKQX
Threatray: 240 similar samples on MalwareBazaar
TLSH: DAD3120DADF68D3EF462C73040DB8B22C68547AD888A931F6C6369E235E2474B4927D9
Reporter: SecuriteInfoCom

Intelligence


File Origin
# of uploads: 1
# of downloads: 105
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: SecuriteInfo.com.BehavesLike.Win32.MultiPlug.cc.11230
Verdict: No threats detected
Analysis date: 2020-12-09 13:06:42 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Behaviour
Sending a UDP request
Creating a window
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Behaviour
Threat name: Win32.Trojan.Disfa
Status: Malicious
First seen: 2020-12-09 13:03:04 UTC
AV detection: 17 of 27 (62.96%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour
Suspicious use of AdjustPrivilegeToken
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:suspicious_packer_section
Author:@j0sm1
Description:The packer/protector section names/keywords
Reference:http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 7a7d62a2e8d69d5523b3a40ec412102140479b638b4dbfd072fd2e7723d01e10 (this sample)

Delivery method
Distributed via web download
