MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8003300a0cc3a9582a04152e53b32d7b7bad9fc908916415ea6ed08c7694f820. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	8003300a0cc3a9582a04152e53b32d7b7bad9fc908916415ea6ed08c7694f820
SHA3-384 hash:	3fb762ab3fbe0a959a307b6d4796c367339be17b2bfb58244906ab9f1b1591c62e9748f3b47fce3dedcf11c64ee14a39
SHA1 hash:	06c11d3a236b6ad9a93cf1c3cd2068b944d5303b
MD5 hash:	9bab2183af6e73028f05d13a48fd69ed
humanhash:	may-oklahoma-item-twelve
File name:	file
Download:	download sample
File size:	2'655'448 bytes
First seen:	2022-12-06 16:23:18 UTC
Last seen:	2022-12-08 12:26:50 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	e938cf895f4033bfe19de42d5b79b0de
ssdeep	49152:lrRtYK3J4AE6NbAq9Falf90Dhh1+uSb9Kdjl1itpsKDuUzObZXrW2Ndjz:lrRtYX36NbrFa593uuMl1itpBuUzObZX
Threatray	33 similar samples on MalwareBazaar
TLSH	T176C58C58DA0390BED82304F1067BF6FF9520963548E08D5BEA8CDDB4AE72DA2531971F
TrID	37.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 20.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 12.7% (.EXE) Win64 Executable (generic) (10523/12/4) 7.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 6.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
Reporter	andretavare5
Tags:	exe

andretavare5

Sample downloaded from https://vk.com/doc767542893_650957303?hash=GjgYjcc4xIO4bQ8GIa4IVocxME6eY04q8yf8URxGW2P&dl=G43DONJUGI4DSMY:1670343090:bbPvMOnVcFgw4xcUfQvlpGQJBEQM7J3OQaORLtyTSqc&api=1&no_preview=1#105_14

Intelligence

File Origin

# of uploads :

# of downloads :

201

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

file

Verdict:

Suspicious activity

Analysis date:

2022-12-06 16:23:57 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/a05657d9-f6a2-4f9e-b9f5-18b02ce40359

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/343536/

Detection(s):

SecuriteInfo.com.Win32.Evo-gen.26934.17298.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Сreating synchronization primitives

Changing a file

Sending a custom TCP request

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-debug hacktool overlay packed

Link:

https://www.filescan.io/uploads/638f6ca4f6e448d42df76e4b/reports/c8144f19-7e4c-4a49-a4f6-17f206d49266/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/59e2798d-b0c3-4311-bd96-a6a0db529fa7

Result

Threat name:

Unknown

Detection:

suspicious

Classification:

spyw

Score:

24 / 100

Link:

https://www.joesandbox.com/analysis/1129097

Signature

Tries to harvest and steal browser information (history, passwords, etc)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8003300a0cc3a9582a04152e53b32d7b7bad9fc908916415ea6ed08c7694f820/

Threat name:

Win32.Adware.RedCap

Status:

Malicious

First seen:

2022-12-06 16:24:12 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

16 of 26 (61.54%)

Threat level:

1/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=qabtacqmyouvqkqecuxfhmznpn523h6jbciwifpkn3iiy5uu7aqa._file

Verdict:

unknown

1c35a69722c777c8d255e7b0a6fc0d0667d788fea2121a41d00ad91fed42c17c

4e03b2deef682173ffa436566ddf905dbff708ed61a911ce5dd97a47e0a98362

6485a029e9a15283f4834f89dfbbd87b19a77629a9a7eba0fd6639562e11208b

84565046d0a0bf9a0bc5576da0e9569012388a196c85156eaae28539bf4063b4

93c37274d14ecdf415aaeed8516bcb3486b68173a97525d4936f94685011e870

b5f88be0b9fd378f3c3dbba5c0190bbf70f5c449c9181ebf9a74414e38cff1be

d53858652b5a1d5c9b30f70f85db725b10494564bf08136cd8afdc7f7788f2bc

fc708c22acda37fb50cea6d603cb794852d8311349970461b178ff66dedccc0b

+ 23 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

spyware stealer

Link:

https://tria.ge/reports/221206-twddlsgd71/

Behaviour

Reads user/profile data of web browsers

Unpacked files

SH256 hash:

8003300a0cc3a9582a04152e53b32d7b7bad9fc908916415ea6ed08c7694f820

MD5 hash:

9bab2183af6e73028f05d13a48fd69ed

SHA1 hash:

06c11d3a236b6ad9a93cf1c3cd2068b944d5303b

Link:

https://www.unpac.me/results/bbd42ee8-35c1-47fe-bfda-7be00053aeb5/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.49

Link:

https://yomi.yoroi.company/submissions/8003300a0cc3a9582a04152e53b32d7b7bad9fc908916415ea6ed08c7694f820

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by

PrivateLoader

Delivery method

Distributed via drive-by

Cape

https://www.capesandbox.com/analysis/343536/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample