MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ab137f6379fdff534ffe92a8522189594bfa7f3ecb88ff3198472985f827157d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 5

SHA256 hash: ab137f6379fdff534ffe92a8522189594bfa7f3ecb88ff3198472985f827157d
SHA3-384 hash: 4546f18700a5b7ce7d21af82d99353e321b4c32e3db6b3f3e50e73f08e0eb38a7247d909ac60a2fd3e32bd9b86d5e677
SHA1 hash: 720dd0269c5cf925ac23dcb303d6d0018bf67317
MD5 hash: 00f02de5e169d8bfce1ef60cb59df7ce
humanhash: mirror-cola-louisiana-shade
File name: 00f02de5e169d8bfce1ef60cb59df7ce.exe
File size: 4'538'880 bytes
First seen: 2022-03-03 09:00:55 UTC
Last seen: 2022-03-19 05:07:08 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7dc28ef949f54ad98c715895ecc34cff (79 x RedLineStealer, 2 x Formbook)
ssdeep: 98304:So+BtKQfcDnGN4b8F6Ix4RQVjS5YwmCuZYrT3yqixfFagtS:S94lqN68F6o4RQQ5YwX8Yv3fixfFav
Threatray: 1'494 similar samples on MalwareBazaar
TLSH: T1642633ED03289501E6890AF83DDE619FFA05B699E899518FF1DD72AF8E406434D0CC9E
Reporter: abuse_ch
Tags: exe

Intelligence

File Origin
Number of uploads: 2
Number of downloads: 163
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour:
Searching for the window
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 64 / 100
Signature:
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file has nameless sections
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Behaviour:
Behavior Graph:

Threat name: Win32.Infostealer.Convagent
Status: Malicious
First seen: 2022-03-03 09:01:18 UTC
File Type: PE (Exe)
AV detection: 21 of 42 (50.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour:
Checks processor information in registry
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of NtCreateProcessExOtherParentProcess

Unpacked files
SHA256 hash: b7aa80de4c9ef96052cfa6b774abb968a76582147e17728d53b5671a5845b293
MD5 hash: 9a4180dc6d7353eeff4bd2f675077822
SHA1 hash: e54261ff4c6f8dc4d1fc2b50a798fa504815f813

SHA256 hash: ab137f6379fdff534ffe92a8522189594bfa7f3ecb88ff3198472985f827157d
MD5 hash: 00f02de5e169d8bfce1ef60cb59df7ce
SHA1 hash: 720dd0269c5cf925ac23dcb303d6d0018bf67317

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Executable exe ab137f6379fdff534ffe92a8522189594bfa7f3ecb88ff3198472985f827157d (this sample)

Delivery method: Distributed via web download
