MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 93dcedb1435aa44a336b407c0044da614a3a15336995c5547abe70c5e741a35f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 93dcedb1435aa44a336b407c0044da614a3a15336995c5547abe70c5e741a35f
SHA3-384 hash: b15ad65b4eff8bc5c51d191f58a1190e71dcbdd410b744695a1b5ac7e1b96e7e37099cf03a43e19d9abf564b52cd3b4c
SHA1 hash: b590bc04fe3fcaa776182a6168fec232374a7a44
MD5 hash: 52303e3dc2b3b9ad36ba6169418c5bd2
humanhash: two-nine-eight-comet
File name:52303e3dc2b3b9ad36ba6169418c5bd2
Download: download sample
File size:57'344 bytes
First seen:2021-07-26 11:56:55 UTC
Last seen:2021-07-26 12:44:21 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash bf43a37a6ae0ed2852f82f44f0a6f32a (1 x ClipBanker)
ssdeep 768:lMyTlenToDMTEp1Gjy76rM9QXPvRePLrlteelol:lGEYT5y39QXHRErjlol
Threatray 1'169 similar samples on MalwareBazaar
TLSH T166436B1379F2C173D696417228724F4B9B7BBA310A718A5B6BA40B4D6E315D0CA3F317
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
115
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
x86_x64_setup.bin
Verdict:
Malicious activity
Analysis date:
2021-07-26 09:51:23 UTC
Tags:
trojan evasion stealer vidar loader rat redline phishing
Link:
https://app.any.run/tasks/22610dd1-7781-4270-b544-0d165b13035a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/174106/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.46678367.9996.9328.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt to an infection source
Sending a UDP request
Query of malicious DNS domain
Sending a TCP request to an infection source
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/6183fbe8-d5df-4eb7-8c8a-94260e508a5b
Result
Threat name:
Cookie Stealer
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/821743
Signature
Creates processes via WMI
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Cookie Stealer
Behaviour
Behavior Graph:
Download SVG
Gathering data
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-07-25 09:19:04 UTC
AV detection:
6 of 28 (21.43%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
00ac3efa4faaa3927d28bf7b78793d4dac0c814cdbefb2015734d76bee8c988f
22811245067eb0e6e0a6a0696a69a02679221e02e41193939699e6657be11f6c
421b0a7152dfe73bcaae17fa1b6efa1ea2778f6428bb15938dcd4e3be5690c2d
72b24e99cdd46d7cee31af6d8858782b775db1753d4ed954774a2b1306d5dd89
76b87f4f61c849a8af46ebdcb899a0bea036b18f6b473bed34562212eab16b93
83b3a04479c4310f0ac695041b3c1d60c144be650d4b8838a395ca5a46e722e2
924bb78c8e816ebd25d656fb6cf0387449cd4b3cd55846c99d4f0ddb47f71dd5
d03c955b566ad3308d6f9fe90c320300b097e649c9c7380d48cf06815d4988b9
e1fffde5cce94f703cbaf29b14bf0e7569ad207a0a7f4fc63484ced33307198b
+ 1'159 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/210726-84gbw8axpj/
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Modifies registry class
Script User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in System32 directory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Loads dropped DLL
Process spawned unexpected child process
Suspicious use of NtCreateUserProcessOtherParentProcess
Unpacked files
SH256 hash:
93dcedb1435aa44a336b407c0044da614a3a15336995c5547abe70c5e741a35f
MD5 hash:
52303e3dc2b3b9ad36ba6169418c5bd2
SHA1 hash:
b590bc04fe3fcaa776182a6168fec232374a7a44
Link:
https://www.unpac.me/results/b1826324-5654-4220-9cc9-693369f8896f/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/93dcedb1435a/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/93dcedb1435aa44a336b407c0044da614a3a15336995c5547abe70c5e741a35f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 93dcedb1435aa44a336b407c0044da614a3a15336995c5547abe70c5e741a35f

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1439538/
  
URLhaus
https://urlhaus.abuse.ch/url/1482679/
Cape
Cape
https://www.capesandbox.com/analysis/174106/

Comments


Avatar
zbet commented on 2021-07-26 11:56:57 UTC

url : hxxps://live.goatgame.live/userf/2201.exe