MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8242e6cce9886c956e4e5fa1c3963f894665766c77e02aa40b7c7c9ac40e1fe4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8242e6cce9886c956e4e5fa1c3963f894665766c77e02aa40b7c7c9ac40e1fe4
SHA3-384 hash: 2a7217d462f266a6fb15c0778b86908470de1cd3c3845d84b5975ed79bf7c6e615ed5cabf5c9e9ed2da17c6f31776364
SHA1 hash: f0cee716105832be415932dafaf1c3b5c97309b4
MD5 hash: 0bb5d29b639a0c56a45079cbcdc332c3
humanhash: king-eleven-cardinal-nuts
File name:TwitchUI.exe
Download: download sample
File size:5'972'992 bytes
First seen:2022-12-20 17:30:51 UTC
Last seen:2022-12-20 19:29:59 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 571ce22ffdf06978a0f17770bcb38d65
ssdeep 98304:hDBFQbt0mB3YbVicAvsrwd4YYtzocpSuZF2RNQ1eFDrm2L7VrL8a36efZb7:9QbpBIbkxUrs4YYtRfyNQ1eFDCuxRf
Threatray 16 similar samples on MalwareBazaar
TLSH T1A356F1F99F43F051E4F55F3C443E73302F577AB69065C3E199A9982E8ABAC718289390
TrID 40.3% (.EXE) Win64 Executable (generic) (10523/12/4)
19.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
17.2% (.EXE) Win32 Executable (generic) (4505/5/1)
7.7% (.EXE) OS/2 Executable (generic) (2029/13)
7.6% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):PE icon
dhash icon b2206970f8dce0f0
Reporter Anonymous
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
186
Origin country :
TR TR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
TwitchUI.exe
Verdict:
Suspicious activity
Analysis date:
2022-12-20 17:33:41 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/0accd64a-7378-47b2-a1a2-ee6221fec680

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/348459/
Detection(s):
SecuriteInfo.com.Variant.Lazy.206311.6378.22421.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Сreating synchronization primitives
Sending a custom TCP request
DNS request
Sending an HTTP GET request
Creating a window
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
explorer.exe greyware packed
Link:
https://www.filescan.io/uploads/63a1f158d08604621c208b69/reports/ce3648fc-d8b4-454a-b144-d570f1900352/overview
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/9b6d0e02-2459-4652-9dd1-31707099fbf4
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/1138139
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Generic Downloader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8242e6cce9886c956e4e5fa1c3963f894665766c77e02aa40b7c7c9ac40e1fe4/
Threat name:
Win32.Trojan.GenericML
Create hunting rule
Status:
Malicious
First seen:
2022-04-11 23:19:16 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qjbonthjrbwjk3sol6q4hfr7rfdgk5tmo7qcvjalpr6jvraod7sa._file
Verdict:
malicious
Similar samples:
2bcc54ed052152ac1fb77d9c8740f4ab87e3e59f3cd82e232df64c38b369f057
34780db137a84afc3d8957def954127c724fba4187055e49b875481203b68163
4b8e43a1cee980394eb2845ea6657b376746b84b52bbd3d2ea062cbdfb292d5d
523c73801cb0175c81f507010d68ba97fc644a6ff84e5e6c0a79d5ec0b012b10
88e1fbd4e5494e3c2766300e8bab97edb08f3c7315c3d914b7d8b2dac25f8986
cc8238f4425e62f6c878a84ac794db812c619508dc916e2bde50f7a5f6152ba5
cde83c58766ae18bd516cfa78098c411fd1d0ebff083896f35fc33b10afa0e50
dcdf6845df1e1aed6f335dd6f2a3ff7351984522235937e5c4a1c746c7fe4371
+ 6 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/221220-v3q4qade9s/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Looks up external IP address via web service
Unpacked files
SH256 hash:
8242e6cce9886c956e4e5fa1c3963f894665766c77e02aa40b7c7c9ac40e1fe4
MD5 hash:
0bb5d29b639a0c56a45079cbcdc332c3
SHA1 hash:
f0cee716105832be415932dafaf1c3b5c97309b4
Link:
https://www.unpac.me/results/cf4f066c-4110-4baf-aada-3a42c634a740/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8242e6cce9886c956e4e5fa1c3963f894665766c77e02aa40b7c7c9ac40e1fe4

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:meth_get_eip
Create hunting rule
Author:Willi Ballenthin

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/348459/

Comments