MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 97ae0539568cfb2e8a4d2f156b190f2c53e5cacdc38b2f3af3fac3e61a16230c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 97ae0539568cfb2e8a4d2f156b190f2c53e5cacdc38b2f3af3fac3e61a16230c
SHA3-384 hash: ffe3b4d079734d3510a872ffe8d586bd16cc6bf64f1ee96d2c7567e24c77423110718f30dae9350e700bac0c099f44b4
SHA1 hash: eab1d2959d4f7dde4bc69cc355071565a2cf3553
MD5 hash: cb012d603d143ba32014c24a0f5aafa3
humanhash: artist-paris-vermont-avocado
File name:97ae0539568cfb2e8a4d2f156b190f2c53e5cacdc38b2f3af3fac3e61a16230c.bin
Download: download sample
File size:603'136 bytes
First seen:2020-11-03 07:52:43 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3160490030820b14a524463c9a579c7a
ssdeep 6144:tI8InET1e1c+iRNAEcB7wrwEPSo2k5mYb1nXFul4ukKNaRX:y8X1e1+PSElPL2YG47
Threatray 24 similar samples on MalwareBazaar
TLSH 7BD45C0AFE818874C4767A3124FFE235C635AE2C4427512BEFAF5F44EA3E3905E59246
Reporter JAMESWT_WT

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/81979/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.57863.10145.23986.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
phis.troj.spyw
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/518940
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Instant Messenger accounts or passwords
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/97ae0539568cfb2e8a4d2f156b190f2c53e5cacdc38b2f3af3fac3e61a16230c/
Threat name:
Win32.Trojan.Masson
Create hunting rule
Status:
Malicious
First seen:
2020-10-21 21:39:19 UTC
File Type:
PE (Exe)
Extracted files:
2
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
097b152ff58f38eb290d121cdc0bc31a45178aeb75195b0e8cb5dba21fd81902
3c1b9541dbc076c9f22c1614de354abb24ea17f2452334d6d3b5ca12bd0eedb9
7435af4d6932bb4ed3a26f1cd5ce81654c9b0fd25a9a4a6f7e821678df032168
7b1d3afeac807486a9d7e830e145199be7e075b8be9d31f1ffff20acc34cab16
7d9779fbd1bf96300874dfb62e5756308807a2c16a83de2a3f2edab794215946
81476a0591455602ec96e76fd76d781dc2da872e3c1909b58bda58a1851f6099
88eacbf15adf320e4d4b67d6aa47c95d686d724f9e3abe1524167ee0fd668b6a
a456769302254d2e6609a7832d93937572b7b73cca217873d7f60678414645e0
dc021a0ca0bb3f66d54d15d2b236422c0b90399ea762c7d7aa6d727b9bd5b46c
efc9dc681fbad59d5fb6f1a66b433d6a7a7b7144444413d78f9d71dd184039ab
+ 14 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery spyware
Link:
https://tria.ge/reports/201103-rz4klpfx8a/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up external IP address via web service
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Unpacked files
SH256 hash:
97ae0539568cfb2e8a4d2f156b190f2c53e5cacdc38b2f3af3fac3e61a16230c
MD5 hash:
cb012d603d143ba32014c24a0f5aafa3
SHA1 hash:
eab1d2959d4f7dde4bc69cc355071565a2cf3553
Link:
https://www.unpac.me/results/2cbd319c-ae6f-4ef9-bf11-d976023d5f10/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Farheyt
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/97ae0539568cfb2e8a4d2f156b190f2c53e5cacdc38b2f3af3fac3e61a16230c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/81979/

Comments