MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e33dd313ed09a15c81af55ee0997031caa3da8fba8c31c3859bc95e52559ff3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	7e33dd313ed09a15c81af55ee0997031caa3da8fba8c31c3859bc95e52559ff3
SHA3-384 hash:	aef5e59359b969752c61451c65876d110683a47abcb48eeb68352624c4e11c66111a06dad0f52d22ade784b775e82872
SHA1 hash:	4d77f0d31e994d3baeba164238634cadaf95fb77
MD5 hash:	c9a36a7e0bf431dafe139b1cc18609ed
humanhash:	saturn-failed-wisconsin-twelve
File name:	SecuriteInfo.com.Trojan-PSW.Agent.26016.7220
Download:	download sample
File size:	4'371'968 bytes
First seen:	2024-02-11 20:27:52 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep	98304:6PSzwcdHYUcyX4eHU0hU/cSuijBf1ULKPQ1w9VOO6GQgjIkU:WS0cJ59U0hUkx6f1g1w9CGQ2I
TLSH	T17A163387D022763AF4D4533CBA34590A7AA8507B5469E205491BC3ACD378CD2B3F67BB
TrID	55.2% (.EXE) UPX compressed Win64 Executable (70117/5/12) 21.3% (.EXE) UPX compressed Win32 Executable (27066/9/6) 13.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 3.9% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.6% (.ICL) Windows Icons Library (generic) (2059/9)
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

399

Origin country :

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/475764/

Detection(s):

SecuriteInfo.com.Trojan-PSW.Agent.26016.7220.UNOFFICIAL

Result

Verdict:

Suspicious

Maliciousness:

Behaviour

Launching a process

Creating a process with a hidden window

DNS request

Connection attempt

Sending an HTTP GET request

Creating a file in the %temp% directory

Searching for the window

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug masquerade monero packed packed packed upx

Link:

https://www.filescan.io/uploads/65c92dd4ac375bec15e44388/reports/7118e9f0-6468-4e71-90ef-0a637e196283/overview

Verdict:

Suspicious

Labled as:

WinGo/Kryptik.DN trojan

Link:

https://www.hybrid-analysis.com/sample/7e33dd313ed09a15c81af55ee0997031caa3da8fba8c31c3859bc95e52559ff3

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/11f2a09a-1774-41e2-99e7-ebf75b8e03e3

Result

Threat name:

n/a

Detection:

malicious

Classification:

spyw

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/1390445

Signature

Multi AV Scanner detection for submitted file

Tries to harvest and steal browser information (history, passwords, etc)

Behaviour

Behavior Graph:

Download SVG

Score:

97%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/7e33dd313ed09a15c81af55ee0997031caa3da8fba8c31c3859bc95e52559ff3

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7e33dd313ed09a15c81af55ee0997031caa3da8fba8c31c3859bc95e52559ff3/

Threat name:

Win32.Trojan.Generic

Status:

Malicious

First seen:

2024-02-11 19:56:29 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

13 of 24 (54.17%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=pyz52mj62cnblsa26vpobglqghfkhwupxkgddq4ftpev4usvt7zq._file

Verdict:

unknown

Result

Malware family:

n/a

Score:

7/10

Tags:

spyware stealer upx

Link:

https://tria.ge/reports/240211-y8zvladb84/

Behaviour

Detects videocard installed

GoLang User-Agent

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Looks up external IP address via web service

Reads user/profile data of web browsers

UPX packed file

Unpacked files

SH256 hash:

3b3d78e9e641469d17576f19b221bf574e454302a2c7de06b06a60fdc6ed19e4

MD5 hash:

ced5b4919800640262f556dd0eb3a669

SHA1 hash:

b4d609e4aba069cbf67dfac74538f7bf40de4961

Link:

https://www.unpac.me/results/e7be2923-88d1-4eeb-bfd7-6fc1f94ddf99/

SH256 hash:

7e33dd313ed09a15c81af55ee0997031caa3da8fba8c31c3859bc95e52559ff3

MD5 hash:

c9a36a7e0bf431dafe139b1cc18609ed

SHA1 hash:

4d77f0d31e994d3baeba164238634cadaf95fb77

Link:

https://www.unpac.me/results/e7be2923-88d1-4eeb-bfd7-6fc1f94ddf99/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/7e33dd313ed0/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7e33dd313ed09a15c81af55ee0997031caa3da8fba8c31c3859bc95e52559ff3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 7e33dd313ed09a15c81af55ee0997031caa3da8fba8c31c3859bc95e52559ff3

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2759812/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/475764/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample