MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aaa8ee28de147d75c7e751656975c5ae998a8ab6a153388d7eca7d0c46cf80ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA 8 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aaa8ee28de147d75c7e751656975c5ae998a8ab6a153388d7eca7d0c46cf80ad
SHA3-384 hash: f9d817923ad96ef7ff94773ff0ea096c07e95c467d7d752af2b033a48a022e7f1469efb5e89d913d5a14f127d42b2f09
SHA1 hash: 08a0eded35d89696b51ac79d9833d55592a3c019
MD5 hash: edd06920bc8ac61b7cb8b59eba39429a
humanhash: apart-india-item-idaho
File name:edd06920bc8ac61b7cb8b59eba39429a
Download: download sample
File size:1'021'952 bytes
First seen:2024-11-01 21:11:28 UTC
Last seen:2024-11-01 23:18:43 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e84d11c378c8e8f83080cc0f510539d2
ssdeep 12288:4EUEK/alBxScnB04n9Cf8gzLRrtB25JsGW2EEYGVp3Am:hK/alBxFB0FUgzLRrtUJFW
Threatray 5 similar samples on MalwareBazaar
TLSH T12D259257E6B691E4D8B6D0389662722BBC713859833897D79B809B074B71FF0E93E340
TrID 44.4% (.EXE) Win64 Executable (generic) (10522/11/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Magika pebin
Reporter zbetcheckin
Tags:64 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
395
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
edd06920bc8ac61b7cb8b59eba39429a
Verdict:
No threats detected
Analysis date:
2024-11-01 21:13:33 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/cb899ad1-4997-4d0f-b4d3-005f91795835

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Variant.Lazy.541289.24155.11359.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
99.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6725442a8d23d904913294f8
Tags:
emotet
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-vm crypto fingerprint microsoft_visual_cc obfuscated
Link:
https://www.filescan.io/uploads/67254429d71e009bb1f88ca9/reports/63df1c41-4f2c-454e-939c-1b21d1206881/overview
Verdict:
Malicious
Labled as:
Lazy.Generic
Link:
https://www.hybrid-analysis.com/sample/aaa8ee28de147d75c7e751656975c5ae998a8ab6a153388d7eca7d0c46cf80ad
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/915f8e09-bc76-4673-b927-612ac09b9201
Result
Threat name:
n/a
Detection:
malicious
Classification:
spyw
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1547144
Signature
AI detected suspicious sample
Contains functionality to steal Chrome passwords or cookies
Contains functionality to steal saved passwords of Firefox
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
98%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/aaa8ee28de147d75c7e751656975c5ae998a8ab6a153388d7eca7d0c46cf80ad
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/aaa8ee28de147d75c7e751656975c5ae998a8ab6a153388d7eca7d0c46cf80ad/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vkuo4kg6cr6xlr7hkfsws5ofv2myvcvwufjtrdl6zj6qyrwpqcwq._file
Verdict:
malicious
Label(s):
kleptoparasitestealer
Create hunting rule
Similar samples:
aaa8ee28de147d75c7e751656975c5ae998a8ab6a153388d7eca7d0c46cf80ad
ccb058d87e0b36a4707237da61542397228f48434616320d0f77d67e6ac82a26
e1563452082e8247f0b417639096ab9b29d22b41ca64d3671787c5f626a53c4a
error
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/241101-z4mj5sxkcn/
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/27b797be-662b-406f-a176-267121dfacd1
Unpacked files
SH256 hash:
aaa8ee28de147d75c7e751656975c5ae998a8ab6a153388d7eca7d0c46cf80ad
MD5 hash:
edd06920bc8ac61b7cb8b59eba39429a
SHA1 hash:
08a0eded35d89696b51ac79d9833d55592a3c019
Link:
https://www.unpac.me/results/51628287-cfa0-4df3-8712-3e470c968f23/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/aaa8ee28de147d75c7e751656975c5ae998a8ab6a153388d7eca7d0c46cf80ad

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Check_OutputDebugStringA_iat
Create hunting rule
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:INDICATOR_SUSPICIOUS_Binary_References_Browsers
Create hunting rule
Author:ditekSHen
Description:Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
Rule name:ThreadControl__Context
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe aaa8ee28de147d75c7e751656975c5ae998a8ab6a153388d7eca7d0c46cf80ad

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3270225/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
Reviews
IDCapabilitiesEvidence
DP_APIUses DP APICRYPT32.dll::CryptUnprotectData
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CloseHandle
Wlanapi.dll::WlanCloseHandle
KERNEL32.dll::CreateThread
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::LoadLibraryA
KERNEL32.dll::GetSystemInfo
KERNEL32.dll::GetStartupInfoW
KERNEL32.dll::GetDiskFreeSpaceW
KERNEL32.dll::GetDiskFreeSpaceA
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleMode
KERNEL32.dll::GetConsoleCP
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CopyFileW
KERNEL32.dll::CreateFileW
KERNEL32.dll::CreateFileA
KERNEL32.dll::CreateFileMappingW
KERNEL32.dll::CreateFileMappingA
KERNEL32.dll::DeleteFileW
KERNEL32.dll::DeleteFileA
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegCreateKeyExW
ADVAPI32.dll::RegGetValueW
ADVAPI32.dll::RegSetValueExW

Comments


Avatar
zbet commented on 2024-11-01 21:11:29 UTC

url : hxxp://fiestagrandefm.com/ss/PASSWORDRECOVERY64EXE.EXE