MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 89b4b266845420410683c6452a44e0aba4102d0f0e153893a2d1f74d047b6f0a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 89b4b266845420410683c6452a44e0aba4102d0f0e153893a2d1f74d047b6f0a
SHA3-384 hash: f8d994eeab4c44f37ca2d090b25a42c359eb0e5e743c7b8c19758d48c12082191ee3aa72cda9b599888374739fcd8d65
SHA1 hash: 64c163da1f756aa9b19d7aba80cafa9e7520a8b0
MD5 hash: 613a31e6b50ebcd30e9e907b456b3774
humanhash: hamper-cat-chicken-stairway
File name:SecuriteInfo.com.BScope.TrojanPSW.Racealer.16188
Download: download sample
File size:763'930 bytes
First seen:2021-02-09 22:53:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 026cf4546ef25ed562257a6f87c8e6cf (11 x Conti, 5 x BazaLoader, 1 x TrickBot)
ssdeep 12288:lA3ksjTspv5KnHRBatHAzpGbjVuiUwAFgkLCn:lA3ksnsvgxBapAz4jVuPVQ
Threatray 14 similar samples on MalwareBazaar
TLSH 20F42513921DF56AE7B630F99AF9A0AF54152D10839B88F329E7906632083E07FF5C75
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
104
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.BScope.TrojanPSW.Racealer.16188
Verdict:
Malicious activity
Analysis date:
2021-02-09 23:04:03 UTC
Tags:
trojan trickbot loader
Link:
https://app.any.run/tasks/6be033cb-163a-4fb8-8e22-39216f83ff19

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/116349/
Detection(s):
SecuriteInfo.com.BScope.TrojanPSW.Racealer.16188.UNOFFICIAL
Create hunting rule

PUA.Win.Trojan.Generic-6629274-0
Create hunting rule

SecuriteInfo.com.BScope.TrojanPSW.Racealer.12077.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Unauthorized injection to a recently created process
Transferring files using the Background Intelligent Transfer Service (BITS)
Sending a custom TCP request
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/603699
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/89b4b266845420410683c6452a44e0aba4102d0f0e153893a2d1f74d047b6f0a/
Threat name:
Win32.Trojan.Racealer
Create hunting rule
Status:
Malicious
First seen:
2021-02-09 20:50:30 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
3a6e8f5a226edc006e29e38c48eaa721c12e48953abd56dcbc9b241975631247
3bc43c7980c782e88a508e0a94767f5776f3bd79a94b4ce5630b3927af27fde1
6746b12200fed6aeb1764594c84ecd3485e74114325c150ba41d12c555b182eb
74685c3c571f81e1eb2fcbaaca74a9bf792a73b629568ce7571aca5d710f1647
7bb4e30a5272731a9b846b4274aa84662026814b0d610c0c115158be1cd23332
7bc9d1453bb84033fd82500f10db64cbf221c4286ed3eba7928249dae6d67675
9a3467911eaf0122aade59ef8636d005f251ef1e6fb23295bdac92376ae0fb82
cb76c19c178a71a5115ee308b51de416255de06d4e8226fdda8e59275a519c14
dc0715adb07b65af47d660aa7582f9ecdfc770606f1a852fe1aa7a643bba7543
e7e4c086f54086b129715c584777c2d920a9443a6ba85d4ea5e6d63b8eeb5b9e
+ 4 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/210209-wl6x14hsj6/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
97d350210c57ac912e5b859dd5550be8c224b85be703ff6ff0cdb862862f7514
MD5 hash:
93a9078504f99d99f04c2d8acc66c757
SHA1 hash:
a79193ad53f789cd8ca480f89ee5b4e946aca8d1
Link:
https://www.unpac.me/results/602c3734-3db5-4b03-bdb5-4f79415d1074/
SH256 hash:
89b4b266845420410683c6452a44e0aba4102d0f0e153893a2d1f74d047b6f0a
MD5 hash:
613a31e6b50ebcd30e9e907b456b3774
SHA1 hash:
64c163da1f756aa9b19d7aba80cafa9e7520a8b0
Link:
https://www.unpac.me/results/602c3734-3db5-4b03-bdb5-4f79415d1074/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/89b4b266845420410683c6452a44e0aba4102d0f0e153893a2d1f74d047b6f0a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 89b4b266845420410683c6452a44e0aba4102d0f0e153893a2d1f74d047b6f0a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/997634/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/116349/

Comments