MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 907e7f7e2ee47c955cf315747ab913b591e9046f51c0f3ba9a6eef696346198e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ClipBanker

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	907e7f7e2ee47c955cf315747ab913b591e9046f51c0f3ba9a6eef696346198e
SHA3-384 hash:	98302ec83470962d81af339ab7ac7967971ed75cb42e93796ce3b68dc0558e8f9a32e0824eede2848d10afd70ca66b23
SHA1 hash:	1e8ce36d82aab5d9ae09630bf01a77d92778d603
MD5 hash:	d42c2456ea9de66a75a29dea464a4e4d
humanhash:	social-papa-snake-saturn
File name:	Runtime Explorer.exe
Download:	download sample
Signature	ClipBanker Create hunting rule
File size:	155'648 bytes
First seen:	2022-03-29 13:53:23 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	0a464e2f61945ed36131666607401478 (1 x ClipBanker)
ssdeep	768:fIHIzUzS7eXCHPVAfktEtzIpo9TRyG0onSwj6lGT4YEybLlY4aKHR++uVTShUhM7:Q9DCS48h0mvMkDmXPYavc7t
TLSH	T1EDE333F09FF5B8A5E1252473B558B13C3BCB5D1EDC615836E28BF50A34628C224E6E1B
File icon (PE):
dhash icon	00414f4f4f4f4700 (14 x CoinMiner, 12 x RedLineStealer, 12 x NodeLoader)
Reporter	Anonymous
Tags:	ClipBanker exe

Intelligence

File Origin

# of uploads :

# of downloads :

242

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

Uplay_Account_Generator_-_Freedom_FoxY.rar

Verdict:

Malicious activity

Analysis date:

2021-12-22 21:08:03 UTC

Tags:

miner trojan

Link:

https://app.any.run/tasks/36155e35-8b48-49a3-8da9-b2d41c7c2f02

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/259267/

Detection(s):

Win.Keylogger.Clipbanker-9849694-0

Result

Verdict:

Clean

Maliciousness:

Behaviour

Сreating synchronization primitives

Creating a window

Using the Windows Management Instrumentation requests

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-vm explorer.exe shell32.dll

Link:

https://www.filescan.io/uploads/62430f7f9253b276b79c4939/reports/4cb76156-75ef-452b-bfb9-84a3a08e59fe/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

ClipBanker

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/52b58344-2041-461f-8cfd-e6a00c7833b5

Result

Threat name:

Clipboard Hijacker

Detection:

malicious

Classification:

spyw.evad

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/967031

Signature

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Uses Windows timers to delay execution

Yara detected Clipboard Hijacker

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/907e7f7e2ee47c955cf315747ab913b591e9046f51c0f3ba9a6eef696346198e/

Threat name:

Win32.Trojan.ClipBanker

Status:

Malicious

First seen:

2021-12-20 13:30:07 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

29 of 42 (69.05%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=sb7h67ro4r6jkxhtcv2hvoitwwi6sbdpkhaphou2n3xwsy2gdgha._file

Verdict:

malicious

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/220329-q7j4raaeak/

Behaviour

Suspicious use of SetWindowsHookEx

Unpacked files

SH256 hash:

907e7f7e2ee47c955cf315747ab913b591e9046f51c0f3ba9a6eef696346198e

MD5 hash:

d42c2456ea9de66a75a29dea464a4e4d

SHA1 hash:

1e8ce36d82aab5d9ae09630bf01a77d92778d603

Link:

https://www.unpac.me/results/a959e50e-e477-4169-a68f-297a723f0ba2/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/907e7f7e2ee47c955cf315747ab913b591e9046f51c0f3ba9a6eef696346198e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/259267/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample