MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 93a849272c8cd95c44685d207ccc52d5d458d149bdbe6792f5410c54bf378790. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 93a849272c8cd95c44685d207ccc52d5d458d149bdbe6792f5410c54bf378790
SHA3-384 hash: 30dd080514cd103f1bd3f83cee30cddd061aded997c4b02ceaae52653fe0a75786553f103ffaf136c7c6abbc33dec7cf
SHA1 hash: dfa6da9340122eb85ce70b8648d26212da21eb92
MD5 hash: e1c52c02a5d99d3e7495ddf47009e638
humanhash: kentucky-iowa-twelve-kitten
File name:e1c52c02a5d99d3e7495ddf47009e638
Download: download sample
File size:1'879'119 bytes
First seen:2022-05-22 17:00:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d0dfe559e003c7370c899d20dea7dea8 (9 x RedLineStealer, 1 x Amadey)
ssdeep 49152:NiLec3Lj+HX6IkSeToYgXwnlDege2hua8jGcxJpp:NiLec3Lj+HX6IkSeT6Xwn1egziCcx
Threatray 28 similar samples on MalwareBazaar
TLSH T1F195AD39EB0617F4D61357B1868EDB7787087B388022AE7BFF4ADE18A4331976805652
TrID 44.6% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
23.6% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
9.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.4% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
342
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
e1c52c02a5d99d3e7495ddf47009e638
Verdict:
Suspicious activity
Analysis date:
2022-05-22 17:01:31 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ae9d788e-9b43-4f00-b586-b6beb7303ec6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/273448/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Searching for the window
Unauthorized injection to a system process
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/19553/overview
Behaviour
MalwareBazaar
CPUID_Instruction
CheckCmdLine
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug overlay packed
Link:
https://www.filescan.io/uploads/628a6c6665e33815993694ae/reports/52af590f-4cae-4c77-bb8c-f997d6aae52b/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1c1dce23-e37b-478e-af37-36c159d8a897
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/999383
Signature
Allocates memory in foreign processes
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/93a849272c8cd95c44685d207ccc52d5d458d149bdbe6792f5410c54bf378790/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-05-22 17:01:14 UTC
File Type:
PE (Exe)
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0c20d0148493e6494e468c0888664a6858ed5120a13d4e938f5cf6bc9d009f57
26dde4b7d7de752c625f0144190ab3f7a265d9f140d0d81e6751e56ebd5affc6
2dcaabc7567be2d913a8f0df7c972cc19d7ac220889f74342aa40cad5ec80f1d
8c506402fee84059ee450e9befa30f224e63eac74380a664755f5e9d31f88f91
d4688e6e5455d4601d2988f805b8e1652def668899185a6c179827f13e72941a
e2f010306e3aaf1a3838ea5bf9d6abefecd5243e17f0ddef47139a80705aae88
f30afc8c92569be98fafc998b231adebfdbd987f2f7300570e1046dbf3004f2a
+ 18 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/220522-vjh9rseaep/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
e26cb7d36644aef7fbe8bd307b750d62f55eb15663db658bcf148be714ad9963
MD5 hash:
3bc6bfb87b9d6487f3920ab5e24e288c
SHA1 hash:
4209fce4562af0452c80602eea33dec83f5acaab
Link:
https://www.unpac.me/results/166e8d57-81af-4c5b-a682-5fa3c639bb0b/
SH256 hash:
93a849272c8cd95c44685d207ccc52d5d458d149bdbe6792f5410c54bf378790
MD5 hash:
e1c52c02a5d99d3e7495ddf47009e638
SHA1 hash:
dfa6da9340122eb85ce70b8648d26212da21eb92
Link:
https://www.unpac.me/results/166e8d57-81af-4c5b-a682-5fa3c639bb0b/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/93a849272c8c/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/93a849272c8cd95c44685d207ccc52d5d458d149bdbe6792f5410c54bf378790

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 93a849272c8cd95c44685d207ccc52d5d458d149bdbe6792f5410c54bf378790

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/273448/

Comments


Avatar
zbet commented on 2022-05-22 17:00:30 UTC

url : hxxp://194.36.177.250:7766/rfv.exe