MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7b6f16085681fe8c39af2c9c2c2b4bfb8374660e7c5f5a840c503b0d05afe6fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	7b6f16085681fe8c39af2c9c2c2b4bfb8374660e7c5f5a840c503b0d05afe6fe
SHA3-384 hash:	91cd52ec0f745882c19583f157cd4051b8022ef290135b9ceea45f1787427b21b76df9fd2479f504d12e4838e3c71ac5
SHA1 hash:	73d76f681f094bb8284024f24e081363e42159c3
MD5 hash:	82d0e043d8efc37b122bd2a0289c8b18
humanhash:	pip-monkey-illinois-table
File name:	82d0e043d8efc37b122bd2a0289c8b18.exe
Download:	download sample
File size:	599'040 bytes
First seen:	2022-05-08 07:05:11 UTC
Last seen:	2022-05-08 07:36:16 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	bd6c087e94180526f5f9f8579d4f2ad4 (3 x RedLineStealer, 2 x TeamBot, 1 x Smoke Loader)
ssdeep	12288:teGFP/R2+Wl87MoZnOd1qGDoL2wu6y2x1Nl4wH9MwYQZG:tRp9WlQZnOd1DoL2Kjx1seVV
Threatray	61 similar samples on MalwareBazaar
TLSH	T1F1D4F100BB90D038F5B315F449B982ACBA3A7EF15B2515CF62D52BEA66356E0EC31317
TrID	39.4% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9) 29.5% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 9.9% (.EXE) Win64 Executable (generic) (10523/12/4) 6.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
File icon (PE):
dhash icon	badacabecee6baa6 (95 x Stop, 87 x RedLineStealer, 62 x Smoke Loader)
Reporter	abuse_ch
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

233

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

82d0e043d8efc37b122bd2a0289c8b18.exe

Verdict:

Malicious activity

Analysis date:

2022-05-08 07:08:10 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/dedd0ab4-4089-4fb1-9b6b-abc9417b0ea9

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/269317/

Detection(s):

SecuriteInfo.com.Trojan.DownLoader44.58807.14278.1192.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Rewriting of the hard drive's master boot record

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/16686/overview

Behaviour

MalwareBazaar

MeasuringTime

SystemUptime

EvasionQueryPerformanceCounter

EvasionGetTickCount

CheckCmdLine

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/62776bc5bd5c76586e1ece95/reports/37184148-d24b-40ff-b396-d495a7e46a0f/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Gathering data

Result

Threat name:

Unknown

Detection:

malicious

Classification:

expl.evad

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/989672

Signature

Contains functionality to infect the boot sector

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected UAC Bypass using CMSTP

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7b6f16085681fe8c39af2c9c2c2b4bfb8374660e7c5f5a840c503b0d05afe6fe/

Threat name:

Win32.Trojan.Pitou

Status:

Malicious

First seen:

2022-05-08 06:19:00 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

28 of 42 (66.67%)

Threat level:

5/5

Verdict:

malicious

7488777dd491486b1aea7ec37b6131334f94bc3f90261d91f06a5156f0530232

770f8cd0cae0a7525234dfc5b25f21b90090513d3f80fa06e8c22107ca8bbe01

7e95736b12f455cd096c0eff4a9dfa5b4e3c8108c55464447868ba4351e91fbb

b1a3602f2628080fa758575fba82bf62fd7de058055a9491f9eac87fda31a2e5

cab31c58eec5fac87df0c7cf52df12ab43280e4e8b9ee50fcde4017689c976b3

cf693fb0c08e8e23de98bb5b848e6ee6f359f1efb26d1488bb9030c899d45005

f40a47af762b5f2270be9a10058551c5a134a2f22210422ab53481569e08ac00

f898e35329ae242f1f8c0e64efde783e9742671336598ad9824073decae40f4a

fae0a0d40cb12f14a4eeaee7171c948688bed15ec8718de8c65834023ecac97f

+ 51 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

6/10

Tags:

bootkit persistence

Link:

https://tria.ge/reports/220508-hw3sqaddam/

Behaviour

Writes to the Master Boot Record (MBR)

Unpacked files

SH256 hash:

84e72630846de776f4fca099faca59500751e877ef1e9e0f4c9ff73292f44b43

MD5 hash:

ce5b0d18a6bba7f3c206ae567723968a

SHA1 hash:

71691165b0e385fa616e59fb1af3021d511b4db5

Link:

https://www.unpac.me/results/70517ab8-6019-4927-8d7e-0564b76532e5/

SH256 hash:

7b6f16085681fe8c39af2c9c2c2b4bfb8374660e7c5f5a840c503b0d05afe6fe

MD5 hash:

82d0e043d8efc37b122bd2a0289c8b18

SHA1 hash:

73d76f681f094bb8284024f24e081363e42159c3

Link:

https://www.unpac.me/results/70517ab8-6019-4927-8d7e-0564b76532e5/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7b6f16085681fe8c39af2c9c2c2b4bfb8374660e7c5f5a840c503b0d05afe6fe

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/269317/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample