MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99da2ea7d73be3ae8f0a2e8bf043f590c31ab39af87a4a44dfa1b5728bea63a0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA 1 File information Comments

SHA256 hash:	99da2ea7d73be3ae8f0a2e8bf043f590c31ab39af87a4a44dfa1b5728bea63a0
SHA3-384 hash:	492b9c68122a02da630a368095283f0b19635a57b8b9a410ae0acf0114e2773e279417ae5a1f3b58478c0bf6ae920bf1
SHA1 hash:	6453e25eb436e710aa6287aabe5711053e11521b
MD5 hash:	cd95625644125978dd27c5b97141b5d4
humanhash:	johnny-winner-london-bulldog
File name:	electrum.exe
Download:	download sample
File size:	18'448'486 bytes
First seen:	2022-10-05 18:41:50 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	719ea92bb6bb4c5aaa3e4d2e8bbfdde0 (1 x Meterpreter)
ssdeep	393216:rkZU4wT1/BpX8Lv95H1sPUNXl24/IjOLAqEz:gi4wp/BpX8LvLvN1pIjOL5Ez
Threatray	111 similar samples on MalwareBazaar
TLSH	T18D0733CAD0DB59AFE8FB0472ADCCD7B1385D36310A62839B8A5A406509DB7757B308C7
TrID	56.8% (.EXE) InstallShield setup (43053/19/16) 13.8% (.EXE) Win64 Executable (generic) (10523/12/4) 8.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 6.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.9% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	44b2d45450683044
Reporter	Anonymous
Tags:	Crypto stealer exe

Intelligence

File Origin

# of uploads :

# of downloads :

394

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Malware.Generic-6651488-0

SecuriteInfo.com.Trojan.RansomKD.12694723.11705.20329.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a file in the %temp% subdirectories

DNS request

Creating a file in the %AppData% subdirectories

Creating a window

Сreating synchronization primitives

Sending a custom TCP request

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/41375/overview

Behaviour

MalwareBazaar

MeasuringTime

EvasionQueryPerformanceCounter

CheckCmdLine

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

coinminer greyware overlay packed

Link:

https://www.filescan.io/uploads/633dcffed089a0c15dd55bc1/reports/a8e1580b-eec3-40b5-850e-39f6dec88785/overview

Result

Verdict:

MALICIOUS

Result

Threat name:

Unknown

Detection:

clean

Classification:

n/a

Score:

11 / 100

Link:

https://www.joesandbox.com/analysis/1084381

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/99da2ea7d73be3ae8f0a2e8bf043f590c31ab39af87a4a44dfa1b5728bea63a0/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=thnc5j6xhpr25dykf2f7aq7vsdbrvm427b5eurg7ug2xfc7kmoqa._file

Verdict:

malicious

35118d4ed995388333e3bcd09e9981f1006bf81ab54ab54b4f6be028fde948b2

4a9887fef34c6b9ca125aaa02e9837585f545c65e8e424296f1f8cd2151bc424

4d55542e34eec2465af7785b29aa93097401824fdb682cd8dd0d19141eaefdb6

58cfebd1eed6a2170b36f66f7d7cb0b60e9824cc044eb2b95a746eb8c5b0a857

7b343c681a9efcff92023c2eaf0411bb7d70a305e38cf840b37c7ff1bab910cb

83fb12675e7a38ea904629a2749abf54e35b1a5885cec6e4fc058901df97f038

8d64a012716a426a5abb3fa295dfe66b8787058fd1a7736ef608ced25921c2fb

da8b8f45b6446e84e539e1f6244d7b03dc822cf5649e0e8602f6e32cfc41597f

e0d5e662bb29b62dc06e8c1c5ed07beb282ee6bb61b1fba4fb9393dd3cac4645

+ 101 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

pyinstaller spyware

Link:

https://tria.ge/reports/221005-xcb8zsfdhr/

Behaviour

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Accesses cryptocurrency files/wallets, possible credential harvesting

Loads dropped DLL

Verdict:

Unknown

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/1c2f171d-8933-4cc1-a7e8-600cf984427a

Unpacked files

SH256 hash:

cf69164b448c58afb9b85195252cc9bdec9e4ab746f606e6c143566015f303dc

MD5 hash:

59a5438126211a5fc58dd260c08393c3

SHA1 hash:

517380c59521d285378006eded440dac0fa3531f

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

86e8d039ca071abc745bc55c5f98cbd145a9062c35d6ab5997cff82ad6e4d634

MD5 hash:

4a2c0fcc5d70d7be627f89fd02bb825a

SHA1 hash:

85d5c6c05d93f2653b58ff436ce07a918a5bd264

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

bc90dd3ce3a315742ead658ccf7ee3f3ad603acd488612703f8075004c0f1652

MD5 hash:

5dc5276c7e724007a903d20d786c16d7

SHA1 hash:

222463eaa1d2371ba7420416d7603dd37d4e6a94

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

beef2b9e81c24657e9ee94ace6fac0548ddd9c1ce4ab39312e02980edafaf06e

MD5 hash:

dcdf2f045907a8b65c9bcecbbe87dbbd

SHA1 hash:

f27e9da4ae62fbfd7f7a3c46c3c2e8d6b1aa59f7

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

7b3eed6bd5205c33e9c4bfbbb2fdfd61e42ec09603175a4033fd028f99cb86e5

MD5 hash:

39ceff76421158d59f5962bcd14816aa

SHA1 hash:

9217d64e7fd45c476acc20b91bd39cba08347af0

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

622e419b3f3417cda142918538c8e13c2ffc91e4f5bbce9bd46992d49f8d9d96

MD5 hash:

ead9bd767cc5705bef5f06ab116656db

SHA1 hash:

62305bfa7acbbf59a9148ab518d48c058a79b247

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

069d895766271a785447d643eb001453de0eedc91eb8536bcd624ccbb4a3d61a

MD5 hash:

97cc7d6dbb325c6cf99a02e1902b3bd5

SHA1 hash:

bee32db385da6af4dadb1a175b55473d435c8b86

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

c8b9ca585382464b4c1c3c9a71baddc6e8189c9ef4be1fe191a1bb5f4fe7d4d5

MD5 hash:

4fe5b115cd0c4094d4f10c58850f1404

SHA1 hash:

88832334972205436b5b73da56840336d27b238d

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

b09b454568105d4098a9844faf53307da61969585a203aa383cf6dee85853955

MD5 hash:

c045842f2a865fc6ddb826ad7fe38464

SHA1 hash:

0e657ca7eff085f275deb92657b6a658d5561570

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

81c1ea10061e044b80ccc00c6c20d301dd52ae54a305481889464fa5cb680dc6

MD5 hash:

feb3ce86c9288cdc303eb5d1a3ca7f0c

SHA1 hash:

b8ba0b363192c83a6c61de6ee7e843f560a09cb6

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

47b5e59e1b8dff537e761a2b63b36488065d58897e8d14293bd51b201b2d6bb9

MD5 hash:

896aeb00738c2acce3e6c695d639a01f

SHA1 hash:

f6bd92e4bf93a2249838de6a71e1b4ba7635a4f3

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

7a7f3537f7f161fdef85a1dab11445f6c2119563c82228e40be4dcc5c3dcc3b3

MD5 hash:

af89307c10b669b0ccf0c807b75618db

SHA1 hash:

e9e879149afed7dd4495f2c5c74fb9df519c7504

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

7880db04a15f8edc124396439a58d799abdb90fedd80e70d9c2b82fcce8b5e14

MD5 hash:

ff2b4cee7b339e47453d851a86d11add

SHA1 hash:

cb68081557d40835892764929ca556caef86fd22

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

e6ece7298b82aeb9a07ae1bd4868798d95c30e0abd38ede53a45db4c2c0b97f0

MD5 hash:

d8b3ff4a8a6a6f17ad0093881c204cd6

SHA1 hash:

c6777f6fddde86bc9906f56c26eb9639e6a750b4

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

294c41a3f6bfb3cceb6c56ca54c76d48709a5d266c40113ed05453a15dbc3ba7

MD5 hash:

1249a752eac0a6a11395fc0b6e7b7543

SHA1 hash:

be18d9ef32f8ccef13f2c90bd2bb7dc1dca8867a

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

2e5e3303ec148dc9e7eaf3abf7974321979f64ed02ce5ded15477cc89d8b9673

MD5 hash:

5476722d00b1e860c3c6c5d23ded3941

SHA1 hash:

a8d5f91712a2ca508f19415fe9ffdc4316e9001e

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

fde616cb9a38463daa8a2df9e60b2dea3bbbc63175616f2d8c9dc94b0bc3edd3

MD5 hash:

8b342574696cd3dd4b5c1c3d486e4b34

SHA1 hash:

9edc0007d865170ed5aae56b3036a19a3e76e6fa

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

22ddca782b0e96aeffb6f5bea051738e2b41b0c3a220806d6f42f5d03e6deeff

MD5 hash:

d9981e3031264c43b52bf45b7096b5b3

SHA1 hash:

912335fdb6f86cab102e29c0875ba5263f81e4ba

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

a7e020f5fd9b1f5696fa0e1a775f3826b25b358f775961c4592520a9234136c0

MD5 hash:

efde841021dc217a0c6f974f26a1f3b9

SHA1 hash:

8e71fd257008228e95ca2c60d350e2ebb3acbb0c

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

1fe7fb64bc386cf750140f76bfc9c944005c9efc063a56806dbe9a45f5a488f1

MD5 hash:

b2f8c17b892d90d0200e23ef168171d0

SHA1 hash:

81aeb4067f9e1ef998b352ab576c2b141eb9c052

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

b624967e40d880a6c006a3baf160a08b660b2316fb6b5f2676573fa1ea328532

MD5 hash:

ce9ec46a4c791fa04ea19e1114138150

SHA1 hash:

6a34c5af0d8d429c477e655df3c0a8a486959543

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

d93ea35c5d187492ef066fa60f0e0ca40b6601a4f16efacf70ee19411dd8ebc0

MD5 hash:

86c47ae98cb6439fdeb2cef8657eb267

SHA1 hash:

61407469c24e0452aebc19079d21e2b5d84a0d3a

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

0a398a307c4f71a9aeab04d72c1dac3ebd97ab1b47c73140eb4900a78ddcc3af

MD5 hash:

36d2731b22756279de71c88927992de2

SHA1 hash:

562081afeb4c3c09e0e1effbefcbbb57e903c5fb

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

91c40ffbe58ecd477ae65acb8245e314a3b492fe33e07a3091d86f03ef016fde

MD5 hash:

c2a52195891ae00c9d89590982516d37

SHA1 hash:

55fd43221c0ef3d89e2849a5d99da08e58313461

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

6a30c1fe2ce5f262a69e50dfe984f1067d353669652e22d3bec4bf28ae1d31f0

MD5 hash:

d6957ae40ff53ed2186bc218b5829b50

SHA1 hash:

4aaf6b78377e76e71d298775b12e80a6b02a5c55

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

0bcb990205f81a3a4374b76a45a6c5b41379db4bce0872b297a882e9ecb6dcde

MD5 hash:

f1757da766acf8cd742a9bcd590543cd

SHA1 hash:

2ff790bf2fcc8a082a076e5128efdb3e1767c910

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

f65d2d853212b4724410ffb7e37bafec318f0eb174dc3e3bbb5a3694e6cf2454

MD5 hash:

a328ba6c394855ea24125371516341b6

SHA1 hash:

26ab803e415581f25bd7d8f8179817673beca7a9

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

a49566b85b94d12b2875ae401eabb8a8f1de1c1d6ad71c5be6ba6f09fc87311d

MD5 hash:

1b6e2bc4d6400e23ec108b7c306d461f

SHA1 hash:

0dbd153608c0fd57ab7b7091c98aea8077d66f7d

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

SH256 hash:

99da2ea7d73be3ae8f0a2e8bf043f590c31ab39af87a4a44dfa1b5728bea63a0

MD5 hash:

cd95625644125978dd27c5b97141b5d4

SHA1 hash:

6453e25eb436e710aa6287aabe5711053e11521b

Link:

https://www.unpac.me/results/3da0c17d-5db7-4305-b06b-0f283f093e61/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/99da2ea7d73be3ae8f0a2e8bf043f590c31ab39af87a4a44dfa1b5728bea63a0

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	PyInstaller Create hunting rule
Author:	@bartblaze
Description:	Identifies executable converted using PyInstaller.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample