MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7b8d5d1e6f9b798bf0dcd37512dacf9be2f0c74daa03836d985e3fd4a5d8110d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


PythonStealer


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7b8d5d1e6f9b798bf0dcd37512dacf9be2f0c74daa03836d985e3fd4a5d8110d
SHA3-384 hash: 7e6ba51601738a66ba8e33ecc7c5515f46e64223d7ab17507a46b6c506292bb60bb6542a50b96068c70d57cd7ae437ba
SHA1 hash: fdb2b66544b363124cdcb21f79575880e35c7c7c
MD5 hash: fb048e303e4588da42cf11f348bbfb45
humanhash: princess-black-three-four
File name:file
Download: download sample
Signature PythonStealer
Create hunting rule
File size:9'389'056 bytes
First seen:2023-12-21 16:03:07 UTC
Last seen:2023-12-21 18:05:39 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 22fb7e12ef0e3575df1d5b6564aa32c9 (2 x PythonStealer)
ssdeep 98304:bWCnUFTCKU8qHRxUXhLpKvEFMNCvE5BqxiHnqu2eeeOkPM8vakbRVADwmDIMbG0r:bW/FbecxxutOkbCkohcMaVpogCT3
TLSH T131963304B3B25CE8ED16947EEA445392A2B1FC260360E4DF47F0A6665F477E4AE367C0
TrID 63.5% (.EXE) Win64 Executable (generic) (10523/12/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon 6192a6a6a6a6c401 (17 x RedLineStealer, 11 x PythonStealer, 9 x DCRat)
Reporter andretavare5
Tags:exe PythonStealer


Avatar
andretavare5
Sample downloaded from https://vk.com/doc418490229_669653354?hash=l8DHCu4lEp9Sb8CTCk5eithtVIhhbBkli1pjUtPjJNP&dl=7vSjZ36UYD1hlgYVc9MzZLLGmShUHLSQatIOzo7OZBg&api=1&no_preview=1#logger_statistics

Intelligence

File Origin
# of uploads :
9
# of downloads :
297
Origin country :
US US
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/468815/
Detection(s):
PUA.Win.Packer.Nuitka-9992781-0
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
expand lolbin packed shell32
Link:
https://www.filescan.io/uploads/658461f56b1c246046fff07b/reports/5d9239f0-5e99-46ea-8716-ee62dd8d29a6/overview
Verdict:
Malicious
Labled as:
Tedy.Generic
Link:
https://www.hybrid-analysis.com/sample/7b8d5d1e6f9b798bf0dcd37512dacf9be2f0c74daa03836d985e3fd4a5d8110d
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/db7dc07b-f58f-4bfe-9c37-705aa177694f
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1365655
Signature
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
97%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/7b8d5d1e6f9b798bf0dcd37512dacf9be2f0c74daa03836d985e3fd4a5d8110d
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7b8d5d1e6f9b798bf0dcd37512dacf9be2f0c74daa03836d985e3fd4a5d8110d/
Threat name:
Win64.Trojan.Privateloader
Create hunting rule
Status:
Suspicious
First seen:
2023-12-16 17:07:52 UTC
File Type:
PE+ (Exe)
Extracted files:
8
AV detection:
15 of 22 (68.18%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pogv2htptn4yx4g42n2rfwwptprpbr2nvibyg3myly75jjoycegq._file
Verdict:
malicious
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/231221-thy36abafn/
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Executes dropped EXE
Loads dropped DLL
Unpacked files
SH256 hash:
7b8d5d1e6f9b798bf0dcd37512dacf9be2f0c74daa03836d985e3fd4a5d8110d
MD5 hash:
fb048e303e4588da42cf11f348bbfb45
SHA1 hash:
fdb2b66544b363124cdcb21f79575880e35c7c7c
Link:
https://www.unpac.me/results/9dce56fa-0796-4875-ac68-cf33ef69b91a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7b8d5d1e6f9b798bf0dcd37512dacf9be2f0c74daa03836d985e3fd4a5d8110d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
Cape
Cape
https://www.capesandbox.com/analysis/468815/

Comments