MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9c28d2bf040ea8985b2cc4ba1b4b86d8458a7a626fc9450395cc2cb02ee664a1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9c28d2bf040ea8985b2cc4ba1b4b86d8458a7a626fc9450395cc2cb02ee664a1
SHA3-384 hash: 9309f102ddbf8a8690f2fa78e0064aae1299345f01a306845ebdbe09d16830a1fd8886ca302cf0596cccefc75977bf9e
SHA1 hash: 72d824a66d811bccf353094e765dbe67becc8b7c
MD5 hash: 8422468165522e6702fe282ad20b70d8
humanhash: twenty-april-earth-six
File name:SecuriteInfo.com.Trojan.GenericKD.62399371.10797.1079
Download: download sample
File size:5'334'528 bytes
First seen:2022-10-02 13:26:37 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep 98304:ojU/0lpmeRijM+/8zOiyBfo6Wp5gQNeVNjKd3MC:onDmJNkyV2ONa
TLSH T1C436337DD85425B8F02A2733D44CBDE499F8FB7AC86329A30A4425ACB497A187F47394
TrID 64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12)
25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6)
4.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.8% (.EXE) OS/2 Executable (generic) (2029/13)
1.8% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
279
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/315753/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.62399371.10797.1079.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching a process
Creating a process with a hidden window
Using the Windows Management Instrumentation requests
Sending a custom TCP request
Gathering data
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/8cff70b9-af6e-49b5-b8ae-227e83ed7e53
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/1081913
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9c28d2bf040ea8985b2cc4ba1b4b86d8458a7a626fc9450395cc2cb02ee664a1/
Threat name:
Win64.Infostealer.BroPass
Create hunting rule
Status:
Malicious
First seen:
2022-09-28 13:43:13 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
21 of 41 (51.22%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tqunfpyeb2ujqwzmys5bws4g3bcyu6tcn7euka4vzqwlalxgmsqq._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware stealer upx
Link:
https://tria.ge/reports/221002-qp3s5sacbr/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Reads user/profile data of web browsers
UPX packed file
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/18d9f4ce-a1fa-4969-8ad6-affd11763342
Unpacked files
SH256 hash:
83a1d4cffd8ead2782e47b07923040043bf672155c8aadc9e16b9f2e9030cf98
MD5 hash:
f0bbc22a07764f78fc666e9891140680
SHA1 hash:
8ee419e4df5c30552d94fd312c74f9b88b1dfa9e
Link:
https://www.unpac.me/results/1e376fad-9cf3-4de4-ad93-fcb2e2ac75ac/
SH256 hash:
9c28d2bf040ea8985b2cc4ba1b4b86d8458a7a626fc9450395cc2cb02ee664a1
MD5 hash:
8422468165522e6702fe282ad20b70d8
SHA1 hash:
72d824a66d811bccf353094e765dbe67becc8b7c
Link:
https://www.unpac.me/results/1e376fad-9cf3-4de4-ad93-fcb2e2ac75ac/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9c28d2bf040ea8985b2cc4ba1b4b86d8458a7a626fc9450395cc2cb02ee664a1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 9c28d2bf040ea8985b2cc4ba1b4b86d8458a7a626fc9450395cc2cb02ee664a1

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2345501/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/315753/

Comments