MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8aa42c477d96d5cf3a5d9ea88ebc6e82d8db7970f85fd03924447040e2758a96. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8aa42c477d96d5cf3a5d9ea88ebc6e82d8db7970f85fd03924447040e2758a96
SHA3-384 hash: 8850bac959c0fffb9633f55a9ad69626461d77a35e9579493f95bb78888b4491630095dc51ac4d279f9232099200979f
SHA1 hash: e2da652c2f50b14b40c43ade2833870d7269ca01
MD5 hash: a2edebe13281b55a39f2d492c9f082bb
humanhash: purple-mobile-fillet-tennessee
File name:a2edebe13281b55a39f2d492c9f082bb.exe
Download: download sample
File size:212'480 bytes
First seen:2022-10-10 07:22:15 UTC
Last seen:2022-10-10 08:21:30 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 3840d23b451979fd0e44ea1e48be5e3d
ssdeep 6144:NNUHeDjao6tuUugQQK+VJet/7xe27sZIH7Kajj5XfRKBcy:0HQYb9lK+C/Au7KaHq
Threatray 1 similar samples on MalwareBazaar
TLSH T1052412A7D9C7283BE9FBCB799830ACB144A4DC0043779504BDC824B86BCD581663CB6B
TrID 99.5% (.EXE) DOS Executable Generic (2000/1)
0.4% (.TAR) TAR - Tape ARchive (symlink) (10/3)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
203
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/318220/
Detection(s):
SecuriteInfo.com.Trojan.Packed.28044.16120.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware keylogger packed shell32.dll stealer
Link:
https://www.filescan.io/uploads/6343c858b3725d3f9a1b1475/reports/daa48241-4c86-47b9-a8f3-dd9c77d04d2e/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/19d45bdd-4efb-4417-a4c6-6ccad24e8892
Result
Threat name:
Unknown
Detection:
malicious
Classification:
expl.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1087515
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Contain functionality to detect virtual machines
Contains functionality to bypass UAC (CMSTPLUA)
Contains functionality to infect the boot sector
Contains functionality to inject code into remote processes
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Searches for specific processes (likely to inject)
Yara detected UAC Bypass using CMSTP
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8aa42c477d96d5cf3a5d9ea88ebc6e82d8db7970f85fd03924447040e2758a96/
Threat name:
Win32.Trojan.LgoogLoader
Create hunting rule
Status:
Malicious
First seen:
2022-10-07 18:18:04 UTC
File Type:
PE (Exe)
AV detection:
22 of 26 (84.62%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rkscyr35s3k46os5t2ui5pdoqlmnw6lq7bp5aojeiryebytvrkla._file
Verdict:
malicious
Similar samples:
9d999302139c1563ecaae97d611bf7c9b519b3a3291d8fe8d2f17e3a1dec958d
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/221010-h7s3nabbhm/
Gathering data
Unpacked files
SH256 hash:
b124b05bfa90757a8718d5ebbb386cbc04bb7c5e65f1bb6984598dfb04527f85
MD5 hash:
7c06dba5eff38c312806446f35af4956
SHA1 hash:
a22d917491594b79026c2e7d3d3542cb755d2ff6
Link:
https://www.unpac.me/results/c0ba452e-38b8-46bc-911d-03146db28aa5/
SH256 hash:
ceb192ff08bda7b4cb12d2f55806be2e5038e0701a8304dc210e9348a4d50b34
MD5 hash:
2b1c72b8354a9ce3204548c7cb0fc24e
SHA1 hash:
7790b7ade96afde27a5c1887394891932b5780e6
Link:
https://www.unpac.me/results/c0ba452e-38b8-46bc-911d-03146db28aa5/
SH256 hash:
8aa42c477d96d5cf3a5d9ea88ebc6e82d8db7970f85fd03924447040e2758a96
MD5 hash:
a2edebe13281b55a39f2d492c9f082bb
SHA1 hash:
e2da652c2f50b14b40c43ade2833870d7269ca01
Link:
https://www.unpac.me/results/c0ba452e-38b8-46bc-911d-03146db28aa5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8aa42c477d96d5cf3a5d9ea88ebc6e82d8db7970f85fd03924447040e2758a96

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/318220/

Comments