MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 89dfe6723e55f135d16de1f4e2ae45219f524c3af760e33d03d8f1a5a5a04205. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 89dfe6723e55f135d16de1f4e2ae45219f524c3af760e33d03d8f1a5a5a04205
SHA3-384 hash: d99d75fd4f52aa47c43aa296bd897de59065113d40c86b04d90920fbf301db7020316ace21dac9120be8943c4c75791f
SHA1 hash: b76c15ced95404502018ac5f81985358f360831d
MD5 hash: b6c00c479ab971001b984bdc15235338
humanhash: july-maine-west-sodium
File name: DelfGame.exe
File size: 620'544 bytes
First seen: 2021-11-28 00:05:15 UTC
Last seen: 2021-11-28 01:40:29 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: c8c72d6b0c674607bca7c0d7c04a87df
ssdeep: 12288:+Lc71F8y4M+usd98UdcRXxKa7sgUQ/MnCm:+w8yt3C8XsgU8MCm
Threatray: 2 similar samples on MalwareBazaar
TLSH: T1AAD46E539D182E75C0DE8E7342233063FA5AB7A6B3301AA31194F16DDA24D93F678727
dhash icon: 55d613a1a0c46d93
Reporter: CosmoSnep
Tags: exe


CosmoSnep
Discord account stealer

Intelligence


File Origin
# of uploads :
2
# of downloads :
194
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
DelfGame.exe
Verdict:
No threats detected
Analysis date:
2021-11-28 00:09:14 UTC
Tags:
n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Verdict:
Suspicious
Threat level:
5/10
Confidence:
67%
Tags:
anti-debug monero
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
clean
Classification:
n/a
Score:
3 / 100
Behaviour
Behavior Graph:
n/a
Threat name:
Win64.Trojan.Generic
Status:
Suspicious
First seen:
2021-11-27 23:24:35 UTC
AV detection:
6 of 28 (21.43%)
Threat level:
5/5
Result
Malware family:
n/a
Score:
1/10
Tags:
n/a
Unpacked files
SHA256 hash:
89dfe6723e55f135d16de1f4e2ae45219f524c3af760e33d03d8f1a5a5a04205
MD5 hash:
b6c00c479ab971001b984bdc15235338
SHA1 hash:
b76c15ced95404502018ac5f81985358f360831d
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:SUSP_obfuscated_JS_obfuscatorio
Author:@imp0rtp3
Description:Detect JS obfuscation done by the js obfuscator (often malicious)
Reference:https://obfuscator.io

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments