MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f92d9a3f02bfc364bd192171393cf46ec8fb205540025f7812d6c2385ff706f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown
Vendor detections: 9

SHA256 hash: 7f92d9a3f02bfc364bd192171393cf46ec8fb205540025f7812d6c2385ff706f
SHA3-384 hash: 62468f35a34f04caf5330cb804a00be3f43ae38590e95479c3b49a4df8f3d1df922ad825dd1d0e7a66f74d4e961f9653
SHA1 hash: abbbaa13ca75ac8dd6d35335b84ee9bdd8f8caab
MD5 hash: d7cff6b7b2c63534b801e161cd11e316
humanhash: massachusetts-black-gee-massachusetts
File name: d7cff6b7b2c63534b801e161cd11e316.exe
File size: 2'702'708 bytes
First seen: 2022-04-14 11:50:38 UTC
Last seen: 2022-04-20 10:21:32 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 00be6e6c4f9e287672c8301b72bdabf3 (116 x RedLineStealer, 70 x AsyncRAT, 55 x AgentTesla)
ssdeep: 49152:V5OOk65xo4Ygz/vgj88MVvFSXLyLUSMpftCiEETqH16e9V:V5TV/7WtM1zLUSy1aEWD9V
Threatray: 1'492 similar samples on MalwareBazaar
TLSH: T1E8C52342F2D748F0E5330A391758EB556939BD302F258B5FB7885E1CEA220C1EA15BB7
TrID: 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
      20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
      13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
      6.2% (.EXE) OS/2 Executable (generic) (2029/13)
dhash icon: 9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter: abuse_ch
Tags: exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 249
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: d7cff6b7b2c63534b801e161cd11e316.exe
Verdict: Malicious activity
Analysis date: 2022-04-14 11:57:07 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating synchronization primitives
Searching for synchronization primitives
Creating a file in the Windows subdirectories
Creating a window
Searching for the window
Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware overlay packed packed setupapi.dll shdocvw.dll shell32.dll update.exe
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 45 / 100
Signature
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Threat name: Win32.Trojan.RedLineStealer
Status: Malicious
First seen: 2022-04-14 11:51:14 UTC
File Type: PE (Exe)
Extracted files: 20
AV detection: 22 of 26 (84.62%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Unpacked files
SHA256 hash: 0789c07a8246e30ecc31f72b8e8afc0631c299a5df7ef437cab2c0fa37c3bbcf
MD5 hash: 378db9c55c727c6529c250c0b8c8a0b9
SHA1 hash: 95e08489a557d95df10d9882d02ab954165f76f6

SHA256 hash: 7f92d9a3f02bfc364bd192171393cf46ec8fb205540025f7812d6c2385ff706f
MD5 hash: d7cff6b7b2c63534b801e161cd11e316
SHA1 hash: abbbaa13ca75ac8dd6d35335b84ee9bdd8f8caab
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: INDICATOR_EXE_Packed_Themida
Author: ditekSHen
Description: Detects executables packed with Themida

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 7f92d9a3f02bfc364bd192171393cf46ec8fb205540025f7812d6c2385ff706f (this sample)

Delivery method: Distributed via web download

Comments