MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7d925452811f4ee0b53d616338392008902ca1560853e74c02fe3544086cd8b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	7d925452811f4ee0b53d616338392008902ca1560853e74c02fe3544086cd8b5
SHA3-384 hash:	1b66e16157892ecfab1b6a88780afccffe4079cfa8d28d56ca4682805110651ce2cd45abbfeb88f1b9782196f403290c
SHA1 hash:	16632685062376bdb36649046618f653a51df242
MD5 hash:	75b8a9b43a965944e0143642482ab28f
humanhash:	tango-oklahoma-robin-mars
File name:	75b8a9b43a965944e0143642482ab28f.exe
Download:	download sample
File size:	2'820'734 bytes
First seen:	2023-07-04 07:26:31 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	2966f92d157c36f79b35f712e3a60302
ssdeep	49152:5uoyD07ZKMHsHC69EdAuXuF2JCUnfuWMc9l/+HQblXoELLh13A5o:oJ8DsHxPbehnft7yHQbOILL3r
Threatray	10 similar samples on MalwareBazaar
TLSH	T14CD52349A7E915F9E8B7963CC8424A42D6B6BC061721CBCF5364526F3F23790AD3A331
TrID	92.4% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39) 3.6% (.EXE) Win64 Executable (generic) (10523/12/4) 1.7% (.EXE) Win16 NE executable (generic) (5038/12/1) 0.7% (.EXE) OS/2 Executable (generic) (2029/13) 0.6% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):
dhash icon	9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter	abuse_ch
Tags:	exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

277

Origin country :

NL

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

SecuriteInfo.com.HEUR.Trojan-Downloader.MSIL.Agent.gen.26726.31191

Verdict:

Malicious activity

Analysis date:

2023-07-03 20:31:33 UTC

Tags:

opendir loader

Link:

https://app.any.run/tasks/0d9e580a-d9b9-4f3d-b60d-4429a801a7b9

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/406296/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Creating a window

Сreating synchronization primitives

Searching for synchronization primitives

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/95478/overview

Behaviour

MalwareBazaar

MeasuringTime

EvasionQueryPerformanceCounter

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-vm greyware lolbin overlay packed replace setupapi shdocvw shell32

Link:

https://www.filescan.io/uploads/64a3c9c951710bcd8d441e46/reports/bbcac059-7c7d-4866-b885-a4d98a3a4ec6/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_70%

Link:

https://www.hybrid-analysis.com/sample/7d925452811f4ee0b53d616338392008902ca1560853e74c02fe3544086cd8b5

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/afa416fb-d199-4429-bac4-fc9860a5194f

Result

Threat name:

n/a

Detection:

clean

Classification:

n/a

Score:

3 / 100

Link:

https://www.joesandbox.com/analysis/1266421

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7d925452811f4ee0b53d616338392008902ca1560853e74c02fe3544086cd8b5/

Threat name:

Win64.Trojan.Generic

Status:

Suspicious

First seen:

2023-07-03 23:08:10 UTC

File Type:

PE+ (Exe)

Extracted files:

17

AV detection:

7 of 24 (29.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=pwjfiuubd5hobnj5mfrtqojabciczikwbbj6otac7y2uicdm3c2q._file

Verdict:

unknown

Similar samples:

311f57a006abd7d319bec7dec2b591280a573a039223a48f62ba95da028857a2

35e5460c102ca2f996d61d70d6bb06fb87014f7d2beccf35f3812ea534acd9d5

5b6520c7b6cc8b183b108b0fdf12fe349b82fc060100e49019ac734b268456d0

8c1a342e5f439cce2ddc595f7bd8c21f7d53576539493ea643df7edcf6d710d6

8f255f2f7f73513fc2fc55f04a0c1ceb17b024853720bc359227f33e69a60085

9b4c9c84d6ddc0ef3a817f2b7ea0a126297ccfbaf459f8014da7231523e9a27f

b25ae1db93e568ba7a07c876e4f8af316078b05dd67a994ff79fee997a7a46ab

ca44df96fa5358ce6c4a8879dd896a9b8a3dc870ecdef13be232f114afef9f57

e06b212b0c26d4f385a3623c64820b3ea4bbd83065646a38d1f3e0cfdfbb0898

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/230704-h931msda7s/

Behaviour

Suspicious behavior: GetForegroundWindowSpam

Unpacked files

SH256 hash:

7d925452811f4ee0b53d616338392008902ca1560853e74c02fe3544086cd8b5

MD5 hash:

75b8a9b43a965944e0143642482ab28f

SHA1 hash:

16632685062376bdb36649046618f653a51df242

Link:

https://www.unpac.me/results/f7000279-9b93-4f43-8786-96758b76a804/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/406296/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample