MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7b6ebb8c45b9da5e1253fcd5dbcf770726caaf901240fa9b632156df21795c1a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

OnlyLogger

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	7b6ebb8c45b9da5e1253fcd5dbcf770726caaf901240fa9b632156df21795c1a
SHA3-384 hash:	8b8c22c9a948ce1fd6ad2ff71c41a895f670c23f8335ffa26303a3270860e276f1be5084151be2f7953c27d9a7a1e1e4
SHA1 hash:	ac220091ee274e285a84f465797cf0de426c2c95
MD5 hash:	db4a99a2222cd4ff1e38cb7a167e6782
humanhash:	harry-aspen-timing-stream
File name:	mixazed_20210815-193857
Download:	download sample
Signature	OnlyLogger Create hunting rule
File size:	205'312 bytes
First seen:	2021-08-15 17:49:49 UTC
Last seen:	2021-08-15 18:58:57 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	675f985c31bb43cb925f7664d8fe06b7 (7 x Smoke Loader, 4 x DanaBot, 2 x RedLineStealer)
ssdeep	3072:s9L515GAXnHiMdMVC+urBN5D0TL4BNg9R7Tc/muJ+VziGZ7yz:UL1CKMahPsc/mJVg
Threatray	4'429 similar samples on MalwareBazaar
TLSH	T13D14C01DB98FC0F2E341753004B3CBAC192DAF10D9534A7B2B852A6F5F30EB1566629E
dhash icon	4839b2b4e8c38890 (137 x RaccoonStealer, 37 x Smoke Loader, 30 x RedLineStealer)
Reporter	benkow_
Tags:	exe OnlyLogger

benkow_

http://iplogger .org/1PZN77

Intelligence

File Origin

# of uploads :

2

# of downloads :

159

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

mixazed_20210815-193857

Verdict:

Malicious activity

Analysis date:

2021-08-15 17:51:03 UTC

Tags:

evasion

Link:

https://app.any.run/tasks/cf50062f-2af8-4330-bc59-084f7c49a08b

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/179358/

Detection(s):

SecuriteInfo.com.W32.AIDetect.malware1.1820.26758.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

DNS request

Connection attempt

Sending an HTTP GET request

Sending a custom TCP request

Sending a UDP request

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Malicious Packer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/6d57c806-d4c8-4193-b8b7-5ec914b20cc2

Result

Threat name:

Unknown

Detection:

malicious

Classification:

troj.evad

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/833180

Signature

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Machine Learning detection for sample

May check the online IP address of the machine

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7b6ebb8c45b9da5e1253fcd5dbcf770726caaf901240fa9b632156df21795c1a/

Threat name:

Win32.Trojan.Azorult

Status:

Malicious

First seen:

2021-08-15 17:50:06 UTC

AV detection:

17 of 28 (60.71%)

Threat level:

5/5

Verdict:

unknown

Similar samples:

06d2ef3f80066d655c788069de3098105f6128e388e43baf73e2d9bf69365ce3

352d461ee47bb9c6618eb86b1e8b10721c0b0dfd4a4b3e85dfb939f6d101e942

39326cdd0c863e1766ecc3d119ec18fdaa93ef886cfbc887f76784f745df73e4

5a08fbf3635e557182b59aba6d21a974aa712ea0e90b023cbf76519ea52959aa

654e5fbb0f6165cdad48fd843ec274d63507133e0f27dab5b535efa1b56b0125

bff4375a0d35102b53ca3dbc8811638091b9b2df65bec2b7fc6a38cbf50d0a45

c5fc8453bf6cdd3e96740b1616ba2f6b359710ce2eb32f02faf8c0e299a0a057

e6b40778ee94d968e5f4e5e9db07e334900638d64e796c1d1d84ef320091a96d

fa672023199c6e77e72f417edcebb8940744f7b2cd31ee452003e11dad7c8564

fd58afa96d56df9d4bb20955601fc4b7e379b9964eccf31cb1904252f709dbc7

+ 4'419 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://tria.ge/reports/210815-41ga9lcj7s/

Behaviour

Legitimate hosting services abused for malware hosting/C2

Unpacked files

SH256 hash:

69876ee4d89ba68ee86f1a4eaf0a7cb51a012752e14c952a177cd5ffd8190986

MD5 hash:

ac67562b92c442bcc9cf89dae3db0339

SHA1 hash:

983dc50e3cea1b27f7ee0fabb93ded2be949c988

Link:

https://www.unpac.me/results/debd7063-3da2-4fd8-883a-46d3368417aa/

SH256 hash:

7b6ebb8c45b9da5e1253fcd5dbcf770726caaf901240fa9b632156df21795c1a

MD5 hash:

db4a99a2222cd4ff1e38cb7a167e6782

SHA1 hash:

ac220091ee274e285a84f465797cf0de426c2c95

Link:

https://www.unpac.me/results/debd7063-3da2-4fd8-883a-46d3368417aa/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7b6ebb8c45b9da5e1253fcd5dbcf770726caaf901240fa9b632156df21795c1a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by

GCleaner

Delivery method

Other

Cape

Cape

https://www.capesandbox.com/analysis/179358/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample