MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ab175c1c5de8c9e9a2cbe7a9a14dac53371df20aa680f9df1cf7ca9939b60bbc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ab175c1c5de8c9e9a2cbe7a9a14dac53371df20aa680f9df1cf7ca9939b60bbc
SHA3-384 hash: c043cd6d8ee31c70e1e641935078c217b011519f2398b27b01fb618c6fe7d5da403256a1109451bf4442f9bea8d021bc
SHA1 hash: db0bc4d297db510c4ca0f471be18fd93b044f082
MD5 hash: 7e2553a136d23ed2827604fa1c987158
humanhash: jersey-don-spring-magnesium
File name:SecuriteInfo.com.Variant.Lazy.231082.27845.16396
Download: download sample
File size:3'976'192 bytes
First seen:2022-12-11 07:27:59 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6ed4f5f04d62b18d96b26d6db7c18840 (391 x SalatStealer, 78 x BitRAT, 42 x RedLineStealer)
ssdeep 98304:U0x0cEqbESDO6XG22f5I6VlReIi0cpIAUELY8TFfTGFjS7l8p:U1sESDOY2f1lRe9NHLYMFfTGFjOOp
Threatray 3'504 similar samples on MalwareBazaar
TLSH T12F06339DA80A6390E6360D3DA3F96A08718C177CA50D6D5717F2F69CCBB782881F2D5C
TrID 86.3% (.EXE) UPX compressed Win64 Executable (70117/5/12)
6.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
2.4% (.EXE) OS/2 Executable (generic) (2029/13)
2.4% (.EXE) Generic Win/DOS Executable (2002/3)
2.4% (.EXE) DOS Executable Generic (2000/1)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
172
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/345117/
Detection(s):
SecuriteInfo.com.Variant.Lazy.231082.27845.16396.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Searching for the window
DNS request
Creating a file in the %temp% directory
Running batch commands
Launching a process
Windows shutdown
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/639586830a5c344f30c16528/reports/922736de-0838-43c5-891b-346be02a2b6e/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
ngrok-server
Create hunting rule
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/975415a6-aa57-4f1d-ac88-0f123851df0b
Result
Threat name:
Unknown
Detection:
clean
Classification:
n/a
Score:
2 / 100
Link:
https://www.joesandbox.com/analysis/1132129
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ab175c1c5de8c9e9a2cbe7a9a14dac53371df20aa680f9df1cf7ca9939b60bbc/
Threat name:
Win64.Trojan.Lazy
Create hunting rule
Status:
Malicious
First seen:
2022-12-11 07:28:16 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
14 of 26 (53.85%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vmlvyhc55de6tiwl46u2ctnmkm3r34qku2aptxy467fjsonwbo6a._file
Verdict:
malicious
Similar samples:
275e4c659edeeb5dd650b29253f72c8e95b7556e465253fabf8264d76abb2f02
59b298046b7092f498220a974fd2bc753ea6d926dfc6eaa70394d9096c2a7900
b1256289d4aaada74a40b6ca52aa0d382b7660943ea31744486007653ee925ad
bf5f4d7b6ef1fdb903677e4ede04fb49952e08cee79822b9b53642bb5d1e6f02
d1cdb6b3145e1b6d65ef1d8f5864484678e0436b34d8c8e674471332c11b099e
d2c47b1c94e6beadbc222771e788e9dafe194c462760b0d16cd25cbc0a572a00
f8f27ae04481c96fdc875300dee32d19017a888d730e1f1586163be2a6a55176
+ 3'494 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/221211-janx4sgf67/
Behaviour
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
UPX packed file
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/9e15106c-9ad3-4312-ab59-73d6716f5586
Unpacked files
SH256 hash:
981e4627bb60165cb98040d40ab7000f4e0b0633abe1f3902482f3cb648f67a8
MD5 hash:
0b16707a14d5e57eb63787aa9afdd5bf
SHA1 hash:
e2aa65a55d36c16686f6c5ad80780d32e6e3a94c
Link:
https://www.unpac.me/results/cca3df48-b5d3-450e-928d-6820a5115f19/
SH256 hash:
ab175c1c5de8c9e9a2cbe7a9a14dac53371df20aa680f9df1cf7ca9939b60bbc
MD5 hash:
7e2553a136d23ed2827604fa1c987158
SHA1 hash:
db0bc4d297db510c4ca0f471be18fd93b044f082
Link:
https://www.unpac.me/results/cca3df48-b5d3-450e-928d-6820a5115f19/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/ab175c1c5de8/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ab175c1c5de8c9e9a2cbe7a9a14dac53371df20aa680f9df1cf7ca9939b60bbc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/345117/

Comments