MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a6876fe9efa8a8cfd87c09e52bee9e313aa6285d79060fe8efec3f7b82438f08. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a6876fe9efa8a8cfd87c09e52bee9e313aa6285d79060fe8efec3f7b82438f08
SHA3-384 hash: 020362d0fe5fa5073b67accc1ab39ecf0f63a605936305c804533e0a17e49fa04f0bd8d892d74e591c621cc1cfc9c56b
SHA1 hash: 8ea5cfa866eb0ab82cd341ac3ed1c381ec13109f
MD5 hash: 9326ea6e2451888b01bb2ed61bae5f7c
humanhash: may-carpet-kilo-alabama
File name:9326ea6e2451888b01bb2ed61bae5f7c.exe
Download: download sample
File size:4'009'119 bytes
First seen:2023-05-05 12:29:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a18c466a89c034cf01801b0439542035
ssdeep 98304:4uW2HbA6WrHDvQZfuMquT8xYxliMdQjIypljr+iX3oNT:vW2H8ZjcllqgB9ijIUl3JMT
Threatray 67 similar samples on MalwareBazaar
TLSH T1B306335B2D9BC754C83A22B1467388F7BB5214F0F90FD51FCA180866D85AE70E82B75E
TrID 48.0% (.EXE) Win32 EXE PECompact compressed (v2.x) (59069/9/14)
33.8% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
5.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
3.6% (.EXE) Win32 Executable (generic) (4505/5/1)
2.4% (.MZP) WinArchiver Mountable compressed Archive (3000/1)
File icon (PE):PE icon
dhash icon d3c769258525555f (1 x Cybergate)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
222
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
9326ea6e2451888b01bb2ed61bae5f7c.exe
Verdict:
No threats detected
Analysis date:
2023-05-05 12:34:52 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/bb1e44f0-c603-4149-8397-6cc94c8ba361

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/386887/
Detection(s):
SecuriteInfo.com.Win32.Trojan.Agent.W0C4D8.25350.2079.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Creating a window
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/6454f6cf32697907fb69331d/reports/f28899a0-ce9e-4cc0-aba8-1b992a973524/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_60%
Link:
https://www.hybrid-analysis.com/sample/a6876fe9efa8a8cfd87c09e52bee9e313aa6285d79060fe8efec3f7b82438f08
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
KRBanker
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/fcc138f3-0dec-431d-92ae-a4789c205974
Result
Threat name:
n/a
Detection:
malicious
Classification:
spyw.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1226894
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to modify clipboard data
Detected unpacking (changes PE section rights)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Tries to evade analysis by execution special instruction (VM detection)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a6876fe9efa8a8cfd87c09e52bee9e313aa6285d79060fe8efec3f7b82438f08/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-05-05 06:58:45 UTC
File Type:
PE (Exe)
Extracted files:
171
AV detection:
19 of 37 (51.35%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=u2dw72ppvcum7wd4bhssx3u6ge5kmkc5peda72hp5q7xxasdr4ea._file
Verdict:
unknown
Similar samples:
15df432e0f75857dbdb8da921cfffeed71244a95650b9fe8da19219999662d65
20024275bdc24c816fc87095f7619efbf9dfb12aae1ce64e492378d26a7ecc0b
3500abcc8f0c8af8f665b03f8bab9c712fe8b4a073ea1f35618e68c7b7075794
6d9ada349683ee0eba45222aa55394649b9ecdfed39d3e7de604b050ba719858
9848335d47d8bb203145e2aca78fc8f9b42fb2ba1cd91561974172ea6da43851
9ecb3553a9b19155cb2022f5620153581a2b370655f66a53caf44cd920330471
a027d527bf8e2d3682ee39f12379d113bc7d28193d36b2c448712e5c8009ff52
+ 57 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/230505-ppg11acd31/
Behaviour
Enumerates system info in registry
Enumerates connected drives
Unpacked files
SH256 hash:
fda6a046ccaa6bbb1a5f7c75e9ff7d936aaf841d1fbced495141604dcac081a8
MD5 hash:
048e4659465b2f39511cf2e81a7e5a3b
SHA1 hash:
f447e872bb8d0878d9a708ff661be523361464dd
Link:
https://www.unpac.me/results/eaed9fab-f1e0-4df5-bedb-197fc0f262ae/
SH256 hash:
feb8d6f800c5e4c59b7310ef71b0bf4cbebb9ad84d2238759058468e654a2abe
MD5 hash:
52099dc0826923842a8e015566fc3fcd
SHA1 hash:
8d5f1e81ca3679c3f9265bdff1b42e3d81f66ce8
Link:
https://www.unpac.me/results/eaed9fab-f1e0-4df5-bedb-197fc0f262ae/
SH256 hash:
26bee0363de4645a035813f3118d69b5008200e92df1c215fd611246e7619513
MD5 hash:
13bf56795209c6a48ec7be52a112dc50
SHA1 hash:
87fa7b572c20f16c16324fc022bc7fa24fc9fbe0
Link:
https://www.unpac.me/results/eaed9fab-f1e0-4df5-bedb-197fc0f262ae/
SH256 hash:
d8e895e55f22bc0cd93166a91171ced3da410fc928060261ddadcdeebfb992ca
MD5 hash:
82dff13bfe804b14b910627591f599b6
SHA1 hash:
6e6c6c8470da8ed644f87298b22cc1170a4e62de
Link:
https://www.unpac.me/results/eaed9fab-f1e0-4df5-bedb-197fc0f262ae/
SH256 hash:
afb4fa198bfa7843701b5646658029a52fc56ff82854ba3e9b2476ee6b8c361f
MD5 hash:
6014dbf738d8768ca9a744ccc5bf2de2
SHA1 hash:
4579ce04da8207c34d5678ab2a86bc40b0c11a7a
Link:
https://www.unpac.me/results/eaed9fab-f1e0-4df5-bedb-197fc0f262ae/
SH256 hash:
1718503a4c7604a8c964c0cd646b747e365a277b067acf45fb7c619f0538fe5b
MD5 hash:
38d3a8276a86660fe51ee8560ac6600f
SHA1 hash:
f376096d3a14460def691b652a809c03ac06f351
Link:
https://www.unpac.me/results/eaed9fab-f1e0-4df5-bedb-197fc0f262ae/
SH256 hash:
a6876fe9efa8a8cfd87c09e52bee9e313aa6285d79060fe8efec3f7b82438f08
MD5 hash:
9326ea6e2451888b01bb2ed61bae5f7c
SHA1 hash:
8ea5cfa866eb0ab82cd341ac3ed1c381ec13109f
Link:
https://www.unpac.me/results/eaed9fab-f1e0-4df5-bedb-197fc0f262ae/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.74
Link:
https://yomi.yoroi.company/submissions/a6876fe9efa8a8cfd87c09e52bee9e313aa6285d79060fe8efec3f7b82438f08

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe a6876fe9efa8a8cfd87c09e52bee9e313aa6285d79060fe8efec3f7b82438f08

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/386887/
  
URLhaus
https://urlhaus.abuse.ch/url/1915732/
  
Delivery method
Distributed via web download

Comments