MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c9eeac634ce6e1fb9079de077d07df63062a38626c59243f5b24f1d8924d60a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Adware.ExtenBro


Vendor detections: 3



SHA256 hash: 7c9eeac634ce6e1fb9079de077d07df63062a38626c59243f5b24f1d8924d60a
SHA3-384 hash: b2cc7a9cda313fe758495e2ea20d906f005bd6eddceadb2104b08383368abbfa74542cb74d66da03c1ec65dd15204d85
SHA1 hash: caee08134f0925286048afaee7eeaa2d46fd667a
MD5 hash: 9193f99d1c6934fe47a436735f879931
humanhash: finch-violet-finch-indigo
File name: SecuriteInfo.com.Trojan.PWS.Stealer.28423.25279.5140
Signature: Adware.ExtenBro
File size: 1'934'985 bytes
First seen: 2020-05-25 11:47:41 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: eb5bc6ff6263b364dfbfb78bdb48ed59 (54 x Adware.Generic, 18 x RaccoonStealer, 8 x Adware.ExtenBro)
ssdeep: 24576:BTfEsP85DgJrivY05+QazQnxxkAVEhS9pwbRmvez1nwiyPKNjrth2Z5pHSAMSYEQ:FcsQ6QNnxEgp+kEt/yiJpSbSAMN
Threatray: 18 similar samples on MalwareBazaar
TLSH: 8695D027B299A53EC45E27364573A01059FBB6ADF417BE1627E0C88CCF760C01E3AA65
Reporter: SecuriteInfoCom
Tags: Adware.ExtenBro

Intelligence


File Origin
# of uploads: 1
# of downloads: 110
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Socelars
Status: Malicious
First seen: 2020-05-09 16:18:57 UTC
File Type: PE (Exe)
Extracted files: 9
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: discovery upx
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Checks installed software on the system
Loads dropped DLL
Executes dropped EXE
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Adware.ExtenBro

Executable exe 7c9eeac634ce6e1fb9079de077d07df63062a38626c59243f5b24f1d8924d60a

(this sample)

  
Delivery method: Distributed via web download
