MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c6dd1cb75d98d015ee5a2238e5ae0ae89bab20f8a03de74af74f2dbb4753944. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7c6dd1cb75d98d015ee5a2238e5ae0ae89bab20f8a03de74af74f2dbb4753944
SHA3-384 hash: 21c809124201c94c77649e5ee1a022864faa3ebc256c52addf5846c4683dfa01e60cd77da7bd6ec32220af0601675aca
SHA1 hash: 078bd220a2ea89c486e67e5df6b47688ee1866b3
MD5 hash: e8667f52e30bdf260e2c9946a39284fd
humanhash: comet-nuts-pasta-foxtrot
File name:e8667f52e30bdf260e2c9946a39284fd.exe
Download: download sample
File size:498'688 bytes
First seen:2021-12-10 08:14:19 UTC
Last seen:2021-12-10 11:20:39 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:OaUH1aYgxhfVHNX7w9qeixsiFd/rWX6zAp29iiWsCHKvFh0HtNlqaL5BTY4C5MGM:O5H8YW
TLSH T10BB4D09C715072DFC85BD4729AA8DC78AB516C7B831B420391E71DABBE0D997CF180B2
File icon (PE):PE icon
dhash icon 0000000000000000 (872 x AgentTesla, 496 x Formbook, 296 x RedLineStealer)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
118
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
e8667f52e30bdf260e2c9946a39284fd.exe
Verdict:
Malicious activity
Analysis date:
2021-12-10 08:18:35 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/7224b635-7baa-4690-ab4c-47913cf67953

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/213069/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Steam.23380.26020.12063.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
DNS request
Creating a file
Sending a custom TCP request
Query of malicious DNS domain
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
75%
Tags:
obfuscated packed
Link:
https://www.filescan.io/uploads/61b30c8a4d8e6f3a5e1eb38a/reports/1454daed-d388-4481-8dd5-b617431bf6e4/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/eb324177-7d22-442a-8778-769b7e6bbe56
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/905146
Signature
Antivirus detection for URL or domain
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
PE file contains section with special chars
PE file has nameless sections
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7c6dd1cb75d98d015ee5a2238e5ae0ae89bab20f8a03de74af74f2dbb4753944/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-12-09 10:22:35 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
20 of 28 (71.43%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/211210-j5ktyahbdk/
Behaviour
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
6572d458145643b570db55c08a8a7479fe13bb10342faea9ba4b4fcaeccd0aa9
MD5 hash:
be63695cfec1efac02870f9fe5e5a65f
SHA1 hash:
9ba16b618c4d2e2aeca29aff9c66c27cb27ac81d
Link:
https://www.unpac.me/results/03ef03b0-a9a7-498a-bfda-9f1abc85f6d5/
SH256 hash:
7c6dd1cb75d98d015ee5a2238e5ae0ae89bab20f8a03de74af74f2dbb4753944
MD5 hash:
e8667f52e30bdf260e2c9946a39284fd
SHA1 hash:
078bd220a2ea89c486e67e5df6b47688ee1866b3
Link:
https://www.unpac.me/results/03ef03b0-a9a7-498a-bfda-9f1abc85f6d5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7c6dd1cb75d98d015ee5a2238e5ae0ae89bab20f8a03de74af74f2dbb4753944

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFuture
Create hunting rule
Author:ditekSHen
Description:Detect executables with stomped PE compilation timestamp that is greater than local current time
Rule name:pe_imphash
Create hunting rule
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 7c6dd1cb75d98d015ee5a2238e5ae0ae89bab20f8a03de74af74f2dbb4753944

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/213069/
  
URLhaus
https://urlhaus.abuse.ch/url/1871066/
  
Delivery method
Distributed via web download

Comments