MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a7fccc560bbac61bfc74829d2d4af7fbe362fc988192352a6ee90f8a651f3d06. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	a7fccc560bbac61bfc74829d2d4af7fbe362fc988192352a6ee90f8a651f3d06
SHA3-384 hash:	b9f3aceb14359bbc46bf916d1c65fc5d3460c90e0ad8ce04756d4fa97bfe2e08ba5eabb5543b3bc023bea5838174deb3
SHA1 hash:	9429b4fa7b57f05099361862c4070f4533ba96bd
MD5 hash:	ea9775eca677ed8dea5646a7aa6b750e
humanhash:	pasta-yankee-utah-fifteen
File name:	ea9775eca677ed8dea5646a7aa6b750e
Download:	download sample
File size:	573'440 bytes
First seen:	2023-05-28 21:58:20 UTC
Last seen:	2023-05-29 07:11:58 UTC
File type:	exe
MIME type:	application/x-dosexec
ssdeep	12288:0tztfERIhRkcItwaKXJoqg+bZjrAR4b22A1Bii4jSfUKdzf:Kz9ERkItBKXf5NXAqA7id9Kdz
TLSH	T11BC42392C7E243F7E5AB82B5539FF72BD6342397A9C0D9B6EB72D4213242D3054290A1
TrID	42.7% (.EXE) Win32 Executable (generic) (4505/5/1) 19.2% (.EXE) OS/2 Executable (generic) (2029/13) 19.0% (.EXE) Generic Win/DOS Executable (2002/3) 18.9% (.EXE) DOS Executable Generic (2000/1)
Reporter	zbetcheckin
Tags:	32 exe

Intelligence

---

File Origin

# of uploads :

2

# of downloads :

288

Origin country :

FR

Vendor Threat Intelligence

ANY.RUN Suspicious

Malware family:

n/a

ID:

1

File name:

ea9775eca677ed8dea5646a7aa6b750e

Verdict:

Suspicious activity

Analysis date:

2023-05-28 21:59:55 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/bc6b73fe-3321-47e4-a9eb-3a8faf7037e9

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

CAPE Sandbox

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/392873/

ClamAV Detected

Detection(s):

SecuriteInfo.com.Heur.Mint.Zard.25.25135.17274.UNOFFICIAL

Alert

Create hunting rule

Dr. Web vxCube Malware

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Launching a process

Creating a process with a hidden window

Creating a window

Сreating synchronization primitives

Creating a file

Moving a recently created file

Searching for many windows

Reading critical registry keys

Changing a file

DNS request

Sending a UDP request

Unauthorized injection to a recently created process

Sending a custom TCP request

FileScan.IO Suspicious

Verdict:

Suspicious

Threat level:

  5/10

Confidence:

100%

Tags:

packed

Link:

https://www.filescan.io/uploads/6473cea7d0e7544ba5ed4f19/reports/56305c0a-8710-4792-9b03-2f51ac6a3e51/overview

Hybrid Analysis Mint.Zard.Generic

Verdict:

Malicious

Labled as:

Mint.Zard.Generic

Link:

https://www.hybrid-analysis.com/sample/a7fccc560bbac61bfc74829d2d4af7fbe362fc988192352a6ee90f8a651f3d06

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Intezer Unknown

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/c9200d7b-d592-4ca5-a607-5a03b27de8ed

Joe Sandbox malicious

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/1244143

Signature

Antivirus / Scanner detection for submitted sample

Hides threads from debuggers

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a7fccc560bbac61bfc74829d2d4af7fbe362fc988192352a6ee90f8a651f3d06/

ReversingLabs TitaniumCloud Win32.Trojan.Amadey

Threat name:

Win32.Trojan.Amadey

Alert

Create hunting rule

Status:

Suspicious

First seen:

2023-05-28 21:36:05 UTC

File Type:

PE (Exe)

AV detection:

19 of 23 (82.61%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=u76myvqlxldbx7duqkos2sxx7prwf7eyqgjdkkto5ehyuzi7huda._file

Hatching Triage Suspicious

Result

Malware family:

n/a

Score:

  6/10

Tags:

persistence

Link:

https://tria.ge/reports/230528-1v2hdagf34/

Behaviour

Checks processor information in registry

Enumerates system info in registry

Modifies data under HKEY_USERS

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of NtSetInformationThreadHideFromDebugger

Adds Run key to start application

Drops Chrome extension

Enumerates connected drives

UnpacMe

Unpacked files

SH256 hash:

a7fccc560bbac61bfc74829d2d4af7fbe362fc988192352a6ee90f8a651f3d06

MD5 hash:

ea9775eca677ed8dea5646a7aa6b750e

SHA1 hash:

9429b4fa7b57f05099361862c4070f4533ba96bd

Link:

https://www.unpac.me/results/5bc1e6cb-84ff-4d73-8b1d-be88c08c25f2/

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Legit

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/a7fccc560bbac61bfc74829d2d4af7fbe362fc988192352a6ee90f8a651f3d06

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe a7fccc560bbac61bfc74829d2d4af7fbe362fc988192352a6ee90f8a651f3d06

(this sample)

  

Delivery method

Distributed via web download

  

URLhaus

https://urlhaus.abuse.ch/url/2643943/

Cape

https://www.capesandbox.com/analysis/392873/

Comments

---

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

zbet commented on 2023-05-28 21:58:21 UTC

url : hxxp://162.55.212.236/77c43f7e_rd1.exe