MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9f672ecfe527575cf2b512c9e64799774e4de3340cb0e0f205a78650f575e052. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	9f672ecfe527575cf2b512c9e64799774e4de3340cb0e0f205a78650f575e052
SHA3-384 hash:	8c923a44652f63586a7f33fea4b2dfa5a1b7c0245b11c70c9d1d92c7d117584aa3e51d8a1ad70f1a0af37807741e9e68
SHA1 hash:	59bcf4db3ef76c3c2255f3fc6b5d8e13ac9d501b
MD5 hash:	75da5eefd0f0143a671a22131f9828e2
humanhash:	spaghetti-stairway-lion-fish
File name:	file
Download:	download sample
File size:	1'081'344 bytes
First seen:	2023-02-12 18:49:07 UTC
Last seen:	2023-02-13 05:15:11 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	482f298d05f21a8742e0277338b51a7f
ssdeep	12288:ygX1AJ6tEIKMu1yxN/GT5Q6wxNPMGyaqb+X:LX1AJcKMu1yxNkCN7X
Threatray	31 similar samples on MalwareBazaar
TLSH	T12235D001B5D1C072D5B325320DE4D7B99B3EBD200A6199AF67E40FBE4F70682DB21B66
TrID	47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 15.9% (.EXE) Win64 Executable (generic) (10523/12/4) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter	andretavare5
Tags:	exe

andretavare5

Sample downloaded from https://vk.com/doc10773776_659362575?hash=KyZJwpu1KYb2eo1hbxCU0Eq0W9bDvmc2A5cfRJZcndz&dl=GEYDONZTG43TM:1676226858:95FfvwbuOY1BnLzWXx1jV3CzBtdSCNoiZTS5VuzN6Og&api=1&no_preview=1#cr1

Intelligence

File Origin

# of uploads :

143

# of downloads :

187

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

file

Verdict:

Suspicious activity

Analysis date:

2023-02-12 18:50:55 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/97ace4a5-b5cb-4f75-be47-f07019798348

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/364553/

Detection(s):

SecuriteInfo.com.Variant.Lazy.296718.27977.32008.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Launching a process

Searching for synchronization primitives

Launching the default Windows debugger (dwwin.exe)

Searching for the window

Sending a custom TCP request

Forced shutdown of a system process

Unauthorized injection to a system process

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/63e934dd6ea97adc8fc02a5c/reports/1403dd7e-2a44-4dc4-8a4f-80a86a42b1e0/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/9f672ecfe527575cf2b512c9e64799774e4de3340cb0e0f205a78650f575e052

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

LummaC2 Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/e3fe2560-f3a8-4e27-a22c-7c6f8714f4a1

Result

Threat name:

Unknown

Detection:

malicious

Classification:

spyw.evad

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/1172718

Signature

Allocates memory in foreign processes

Found many strings related to Crypto-Wallets (likely being stolen)

Injects a PE file into a foreign processes

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Writes to foreign memory regions

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/9f672ecfe527575cf2b512c9e64799774e4de3340cb0e0f205a78650f575e052/

Threat name:

Win32.Trojan.Alien

Status:

Malicious

First seen:

2023-02-12 18:50:23 UTC

File Type:

PE (Exe)

AV detection:

19 of 26 (73.08%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=t5ts5t7fe5lvz4vvcle6mr4zo5he3yzubsyob4qfu6dfb5lv4bja._file

Verdict:

malicious

434a55ad813b1a6b02c52f969ad2101dffb037871b160ee82090383a9961ac07

50825b0c7d0120fdd2e616dc9e6e0cb02d447542a1502d7a29e5b04db4a9e9f6

a70b6ef48d0507f0aaac832d402f328b3d3567f2bdc38d55108ce75f1164bd2a

b4846229dae345fd0ad046961062d0726f405d86f060e4f46a273ecd5e46a99d

d78f10d9f1fc9f184a8fb7ab10d1683a9857be12a81e504f2389edde9203ab5c

f44509c316c316868364eb9d2e0162a357efea7a2478616007e341a676a1d714

+ 21 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/230212-xgxeqafg64/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Unpacked files

SH256 hash:

9f672ecfe527575cf2b512c9e64799774e4de3340cb0e0f205a78650f575e052

MD5 hash:

75da5eefd0f0143a671a22131f9828e2

SHA1 hash:

59bcf4db3ef76c3c2255f3fc6b5d8e13ac9d501b

Link:

https://www.unpac.me/results/0ea6e5c6-df63-4d9b-a8dc-b0ca1151708d/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/9f672ecfe527/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/9f672ecfe527575cf2b512c9e64799774e4de3340cb0e0f205a78650f575e052

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by

PrivateLoader

Delivery method

Distributed via drive-by

Cape

https://www.capesandbox.com/analysis/364553/

URLhaus

https://urlhaus.abuse.ch/url/2538548/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample