MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0755055fec6800ed05b9f1c5c1a997a279a6b992a0eca4b0dc3789120ac4ad3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 12



SHA256 hash: a0755055fec6800ed05b9f1c5c1a997a279a6b992a0eca4b0dc3789120ac4ad3
SHA3-384 hash: 723d4fca63b030910ddbde855c1385a02643a9beb2ee557a5e0ce216d07d8e8144ebf06b6bef3b9e6211da9985f24c60
SHA1 hash: 8d280a5abede4d4cfb2017ace6b172c69771d470
MD5 hash: 14817abceacc2869286157bc5198ba30
humanhash: iowa-pasta-vegan-delta
File name: 14817abceacc2869286157bc5198ba30.exe
File size: 4'508'672 bytes
First seen: 2023-10-13 11:04:01 UTC
Last seen: 2023-10-13 11:58:28 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep: 98304:fVHtTKu7hiVzlYtbdmkrfKiu6vFAtgslXW9/Mp2dH+0EXy:fJxEVzQgkrfVuTtgD/Mp2A09
TLSH: T1AE2633DFB43C405FFAB88565514E2D38BE4123EC585B6D3928B0145B82384A9BD74FAB
TrID:
63.5% (.EXE) UPX compressed Win64 Executable (70117/5/12)
24.5% (.EXE) UPX compressed Win32 Executable (27066/9/6)
4.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.8% (.ICL) Windows Icons Library (generic) (2059/9)
1.8% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter: abuse_ch
Tags: exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 301
Origin country: NL
Vendor Threat Intelligence
Malware family:
ID: 1
File name: 3ffe89de639f1b858a8cd42ce3add397.exe
Verdict: Malicious activity
Analysis date: 2023-07-29 17:55:05 UTC
Tags: stealc stealer loader lumma oski

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Searching for the window
Reading critical registry keys
Running batch commands
Launching a process
Gathering data
Verdict: Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug packed packed packed redcap upx
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: n/a
Detection: malicious
Classification: spyw
Score: 64 / 100
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Threat name: Win64.Trojan.Goback
Status: Malicious
First seen: 2023-06-17 03:37:00 UTC
File Type: PE+ (Exe)
Extracted files: 1
AV detection: 20 of 23 (86.96%)
Threat level: 5/5
Verdict: unknown
Result
Malware family: n/a
Score: 7/10
Tags: spyware stealer upx
Behaviour
Suspicious use of WriteProcessMemory
Reads user/profile data of web browsers
UPX packed file
Unpacked files
SHA256 hash: 9bdbda93fb550622a226a694e56a1785abb98427e1d9a78e81ff104cc447e1ca
MD5 hash: dae99d3db82d17f0098283a271c1c31f
SHA1 hash: 7cca7754b3157350c660095befca69a7b9f34aa8
SHA256 hash: a0755055fec6800ed05b9f1c5c1a997a279a6b992a0eca4b0dc3789120ac4ad3
MD5 hash: 14817abceacc2869286157bc5198ba30
SHA1 hash: 8d280a5abede4d4cfb2017ace6b172c69771d470
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe a0755055fec6800ed05b9f1c5c1a997a279a6b992a0eca4b0dc3789120ac4ad3 (this sample)

Delivery method: Distributed via web download
