MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7b6b6698ff3347c2bcaa7535d72543dd708358f1c2d01ae8409d28b94c088dbe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

PrivateLoader

Vendor detections: 10

Intelligence 10 IOCs YARA 3 File information Comments

SHA256 hash:	7b6b6698ff3347c2bcaa7535d72543dd708358f1c2d01ae8409d28b94c088dbe
SHA3-384 hash:	e9fdbe068b4bf6273be7c535b3ad5f71aef236ee8d7af55a27ce42d5c64f16af2e97f489e4818433cfb456552cfdeea4
SHA1 hash:	bfb3f9c831bd6dc1614f92066049409b4097cf43
MD5 hash:	815656eb152af806cff18eec503b82ac
humanhash:	oregon-edward-robert-eight
File name:	11111.Exe
Download:	download sample
Signature	PrivateLoader Create hunting rule
File size:	8'446'375 bytes
First seen:	2023-06-20 17:15:55 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	bdaa4f11fa75ae7944b223ba584c1f57 (7 x LummaStealer, 1 x PrivateLoader, 1 x Stealc)
ssdeep	196608:a9eRyCT+aj1Mz+ZUkLugNs2It/n16yQ5KIqQ3iRa8:a4sCT+aXZUKugZG1iMI9r8
Threatray	2 similar samples on MalwareBazaar
TLSH	T1D2863382AD50D1BAC0F5113216E6C936ADBFBE0243024D8F67F83F7F36217A5A13595A
TrID	40.3% (.EXE) Win64 Executable (generic) (10523/12/4) 19.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 17.2% (.EXE) Win32 Executable (generic) (4505/5/1) 7.7% (.EXE) OS/2 Executable (generic) (2029/13) 7.6% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):
dhash icon	0000000000000000 (898 x AgentTesla, 540 x Formbook, 316 x RedLineStealer)
Reporter	obfusor
Tags:	exe PrivateLoader

Intelligence

File Origin

# of uploads :

# of downloads :

349

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

11111.Exe

Verdict:

Malicious activity

Analysis date:

2023-06-20 17:18:09 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/c7cc5758-40b6-4fbb-9834-e78978e7c334

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/401154/

Detection(s):

SecuriteInfo.com.FileRepMalware.10241.32301.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %temp% subdirectories

Сreating synchronization primitives

Searching for the window

Sending a custom TCP request

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

greyware lolbin masquerade overlay packed

Link:

https://www.filescan.io/uploads/6491ded4b453925d4072dd9c/reports/9fd4616e-0082-4f5c-b894-8c1d3705a365/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/7b6b6698ff3347c2bcaa7535d72543dd708358f1c2d01ae8409d28b94c088dbe

Result

Verdict:

SUSPICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/22c72cd5-fe91-4a2f-b8f8-0084d0e41dfd

Result

Threat name:

PrivateLoader

Detection:

malicious

Classification:

troj

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/1258490

Signature

Multi AV Scanner detection for submitted file

Yara detected PrivateLoader

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7b6b6698ff3347c2bcaa7535d72543dd708358f1c2d01ae8409d28b94c088dbe/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=pnvwngh7gnd4fpfkou25ojkd3vyigwhrylibv2catuulstairw7a._file

Verdict:

malicious

PrivateLoader

e0d5e662bb29b62dc06e8c1c5ed07beb282ee6bb61b1fba4fb9393dd3cac4645

PrivateLoader

Result

Malware family:

n/a

Score:

7/10

Tags:

pyinstaller

Link:

https://tria.ge/reports/230620-vs48ladc24/

Behaviour

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates connected drives

Loads dropped DLL

Unpacked files

SH256 hash:

a3bf2e56ca2569e690d91ca6c03fcd4e9097d5cd7bf676989f893515505b993e

MD5 hash:

17f2091d4d1645433bfbe0fb5132ef5e

SHA1 hash:

d1e92d03c0403adfa12cebf2b4f034f3769ea979

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

139ce1b6b3de88c478e66a1137985a4f7405d188d932ab419a6d824baf12e105

MD5 hash:

1455238d77eeea814c9c148222a236cf

SHA1 hash:

f39599b8182455a0c39fc275f0ace34f3e256de6

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

ee5fd310180b8363d3b39cdb8eeeb9543d2fd92b1df111dc2987924d5ecddee8

MD5 hash:

f6afca4650977fbc1c5c62b20e1875ee

SHA1 hash:

eaa640f4763a7fdc4a91c63fed5a1491ff918764

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

159f494ac963fdfa6f1f50c3beed6d351b09b6ec30b34451b4f15a033ceb832f

MD5 hash:

ccfb2b0cab32a2cbc3b72d560ea1dc01

SHA1 hash:

e9f86059c25b530f64a3e355e92647a76a3e880e

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

2a10ce1fcc6392c1313c8b75560bbb2cf26babb861c1fc3d78a70a488e58a48f

MD5 hash:

61d98d6cee3d92e34b32728148a9a367

SHA1 hash:

e4e3014e4a8fccfb5b13cbd3f64611939970c1d3

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

d01f1ca7ac28c5ce52d483bddcaec51acc96f10e3ea71f7eeadeb6d17b3a132c

MD5 hash:

48800ae60883bcb51f06278788fb017f

SHA1 hash:

e035dd2f6990b5f66f0ee39b44d9c28f530d2612

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

d691e6169509ce7e8c34f4cfae6aa838eedc29c121c62795eae6bf5358ff1d57

MD5 hash:

82bddabcc72c73870c653e7596405ea1

SHA1 hash:

d38b5debd9f06ddfa3543b764d71d8045c0f3e1a

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

02e09d3431701c40899e54854a0e5f784b0dc68643a15dbbec87ce88145540e0

MD5 hash:

9fe1b0370bf34c05f73cd3d1315da6b1

SHA1 hash:

d23dbd93b550149b9e8d9a7654baa9eb1f0c4d53

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

1c8cc3b7660bc12a6174257bfabe2a2981a7852990cf49fc7d8b7ec6299d6532

MD5 hash:

8b349cf15ac1db0d137bc15d5dcfb528

SHA1 hash:

cb3516a00b2df2001d92662e73d4f39fe7152b3f

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

24eb7f39b2198ea5be0eef37477d9ba393fc5bc23df30a9b774d1883f8c674f1

MD5 hash:

cf9d3210d09c74a1c4278f8be7f7fec6

SHA1 hash:

c80f2765c97bcb4ab714be31ea34e15d6b28125b

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

10b876f76474c3a7b5a0a01b270aa3da5ce6213c05e949032d2541c9721b60b1

MD5 hash:

4e2f52b8f0ccf38084e60da0239c6cef

SHA1 hash:

c5a2b5f6280774898c303bf17fec12c2e5975e7c

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

9badc99c6723456dc559880eb492eb2f44e14409ff379a6fac70417c179e9cc3

MD5 hash:

9992ae1c3fb3f217cded0364897b56e2

SHA1 hash:

b594c49f5f92028f34417f826473075d5b21a52b

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

2e48a168e1095eb42a2ae1670bb050977ba8bd243f98982c3dae3737d8b640c7

MD5 hash:

53a45ed59a6e718e5d120e9107855b74

SHA1 hash:

afd25b8ade170b8095bad16e53d7f5cce4ac6fdf

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

c44ffc0ea0d3df517b3f49b589bcf93d239c2886a979f1ff7646a95607101252

MD5 hash:

d30e90992f555e84d7429b399bfd7b84

SHA1 hash:

ac2a1e37ae9c63adb46100270c05930fa70aad14

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

7ab591151cbc2f26dfae2a0a48c9ac3325787725f7d50ea3710762d77d31ce07

MD5 hash:

66a6cd6ff51ba4bae22c336f494668d1

SHA1 hash:

914e65d7d2dc635e7f80ee6c113277c185c62a0b

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

6f765d574becf673084e66a6fef085130bd00c388ad52a2488ac4a1a1ee57426

MD5 hash:

d3b20f02a905b0334956158b806dc51a

SHA1 hash:

84534e18bf0547541482d37d5a95a7b1d9f3219c

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

5e756f4c8372e082c2a197c8f8b0137e4a5de60db2482352b3833d2319a9e696

MD5 hash:

b37f4c03a740a1474aabe794f825ce31

SHA1 hash:

7e5926e24b90387a2fa29f31027735ca328f9aef

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

f05d4fc71fd09b8f6544bf088217d865520196160c483b313060cb02c04b5b31

MD5 hash:

9eeb87794fa5f0779250ce8b98b3c0e2

SHA1 hash:

7be8121c66e00ef2ea609832badc81434c0931bc

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

68f6de641c347be6fcd94ed88c00da3d729d0dc0a8b5a1a593f0f91872fd70fe

MD5 hash:

9dde7e357dafd96c30dfda3d23ce94a3

SHA1 hash:

7bbf4b7c22f32fdab9237da3a3c52569b9e8c646

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

02405b7fe88b2990c84ae92a1442e11df3c00c755934bc962ee59a6e36c854a4

MD5 hash:

fb3f5303885fca7fc1041a6cfb161870

SHA1 hash:

720cc41e5f5bfed13c6c1e58772bb26c730a98bd

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

1751da83096ffc882272fc34afe6fc50d4245b16d6cd4686278e88e81a4b9811

MD5 hash:

86653eb97c6d1981caf8aadb3fe6b52f

SHA1 hash:

71b36c1a891c80e99e7b31b756d07bdc2c4b203b

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

8c4f8f23cb769e1f9791379cba8fe057e177ce899d3f5dba9aeb218884b68cc7

MD5 hash:

9b3370fec124aadd94e6ca7fc55b3283

SHA1 hash:

61e245a198605303505480f7464516f4876b980e

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

01b99e679bbce1f3780195faad2d2470f3c31a7d6b2ad556f150ab54e178a174

MD5 hash:

260eb0c7ccc1d4b3e9fd165d5a2adb12

SHA1 hash:

61c72d70bd2b1ef33ee982300754df9058709d68

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

8f92777a87a7a07cf2fc75c0a6156395c8e9faa7e48aa193a6c76f3b31651eaf

MD5 hash:

897ed4c0c5684d146e709b57b58bb7cf

SHA1 hash:

4b89505b1decae43705d446bc7bd0b234a717b9e

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

2e9568315492103a0f872c2ab106207e9c6dddad2527286061b9ee2552a90528

MD5 hash:

9e9ecac37c328f0f1ca37798a57ac8fa

SHA1 hash:

43fe8bd21056a3406451f44650bcf4ef9a5da308

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

2871acf3d07b9000b90ac5ab32d46c93b77b7fa713852082b47562b0defe8fb8

MD5 hash:

f6a75f98bce50b98e812ec9c465ed165

SHA1 hash:

3c971ca9a8af713343946d224ae2f8e5b92d4cb6

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

2b2476044aa759e13c324eb6d197588018dd444fc7439fd502a3b83e6a177f96

MD5 hash:

0f548710c4f217d995f3fb519dfcda58

SHA1 hash:

38a99087240d28dc35f5e48890c42ca47bb49951

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

8d1850a2438b042bf52242e3fa663fbec543f88c890a293254e4f49518755486

MD5 hash:

4d2701abb387e2aad09dafeb85b081d1

SHA1 hash:

2a2ca706e5b603d14a1293cb510389b657067efa

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

d1db771d0490661d267a2a28429a2458e2bbd0bf967236ef683586afeb76ef9f

MD5 hash:

07bd5f804122f864a7778f84719fd187

SHA1 hash:

1fda807dde0cea274ba237bc573bdd08e85f157c

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

3eef91e5f248a04476e2b1e8585b79905c61529effff343fc4240ecb2b94e489

MD5 hash:

2740182008f5251f6f695eef8cc28822

SHA1 hash:

1e55912c83593ff752b81882f7103c7b8b4ba3e8

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

334b195266f98f93b730a58b304db21867c575a5200d2e96591ff66fec287041

MD5 hash:

379f24002dbc50796b5ccea5b63ff532

SHA1 hash:

14fb8fdedfd1a5bda44135260b2004cefcb605a4

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

e57c20ae2ba7cdc762f60d07a8e292a81f1d75397a1d087fe328829f5fb8d61d

MD5 hash:

f975a28c22b37d8afc089c720ea4b769

SHA1 hash:

114b54d54633156e7fe2fc28cb06029f2cdb99db

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

8ce564d80becef5e7b38f0f69f00cd755a3b4f8e861ea085702dc538867fbe3f

MD5 hash:

9f2c9d8a68498fca35e9393570564789

SHA1 hash:

0c7be1ddfbfc7669e61c7b3032f3debcf7a5cbc2

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

ed11dd03e25d7ca1305017092904d22ceefb8e31452d074fba598b7df0f0f9e1

MD5 hash:

9e3263e14c32131b6570288707ade7e7

SHA1 hash:

00b05b0629b1e4bff01539b3616b1bf0c0f32c12

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

SH256 hash:

7b6b6698ff3347c2bcaa7535d72543dd708358f1c2d01ae8409d28b94c088dbe

MD5 hash:

815656eb152af806cff18eec503b82ac

SHA1 hash:

bfb3f9c831bd6dc1614f92066049409b4097cf43

Link:

https://www.unpac.me/results/33513444-3675-4cad-86c9-9548aee8c6bd/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/7b6b6698ff33/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7b6b6698ff3347c2bcaa7535d72543dd708358f1c2d01ae8409d28b94c088dbe

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	meth_get_eip Create hunting rule
Author:	Willi Ballenthin

Rule name:	meth_peb_parsing Create hunting rule
Author:	Willi Ballenthin

Rule name:	PyInstaller Create hunting rule
Author:	@bartblaze
Description:	Identifies executable converted using PyInstaller.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/401154/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample