MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ae23b1d2d4ab785d755af246d6d82fca9fab091dbb4f886ac136812805354efd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ae23b1d2d4ab785d755af246d6d82fca9fab091dbb4f886ac136812805354efd
SHA3-384 hash: 69eb94eadf9e5f77bd6900a604a9945ee31e160e48bb874dec9b4087dd294d2c9298f06a3f9f5904498b5dd023dd7170
SHA1 hash: 6ef978264ec7c26011e1ae99f5f5e245107b0475
MD5 hash: ab99e71c87f024b99c10c02f88b3e40b
humanhash: purple-kentucky-early-texas
File name:ab99e71c87f024b99c10c02f88b3e40b
Download: download sample
File size:57'344 bytes
First seen:2021-07-27 17:47:22 UTC
Last seen:2021-07-27 18:47:39 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash bf43a37a6ae0ed2852f82f44f0a6f32a (1 x ClipBanker)
ssdeep 768:noyjFenzoDcTEZF2VtC7Nrcti/S/Lr1teel6+:nSkITZCOt2wrzl6+
Threatray 1'168 similar samples on MalwareBazaar
TLSH T1D8436B1379F2C173D692457228724F4B9BBFBA311A749A5B6BA40B4D2E31590CA3F307
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
102
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
ab99e71c87f024b99c10c02f88b3e40b
Verdict:
Suspicious activity
Analysis date:
2021-07-27 17:50:04 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/1e2f66c4-20de-4aa6-9c58-9c4dc8b3cd2d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/174483/
Detection(s):
SecuriteInfo.com.Trojan.DownLoader40.49527.7283.30867.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt to an infection source
Sending a UDP request
Query of malicious DNS domain
Sending a TCP request to an infection source
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b584bd4e-46d8-4d90-9f3f-f025fbc7d03f
Result
Threat name:
Cookie Stealer
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/822610
Signature
Creates processes via WMI
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Cookie Stealer
Behaviour
Behavior Graph:
Download SVG
Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-07-26 17:36:00 UTC
AV detection:
9 of 28 (32.14%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
09abe799d30cdceab1600a1421583b1d7a5d3a9b14fb89e7dfa8d4ca4e5c85ac
10b52b26be692aea2c0365965a300d479698bdd72910592b55ea42dcb5a29e1b
12344b1913ac3ae118e0924428330f30f3987737a6582094686c286c0de3faa7
244e43b042445635b9311f0a575a30bf27644ec34e5fc7085447f09859c7d968
7010d5ddded81107f17f04b164bdcf1d3f9cd3e84745f711ad5178356c13bff7
91949edb9145bda3b1336a5513c44707a86300ca5a378411c9bf8800b8127db9
9903a60fb9521a9d2c24f5ebc862139708269ce5b287d13a5202626ee8405234
9df54d4e8faccc9aff9d8ea76a8aaf9e1f64ef0e32dbe9904b4654cee4884e1e
ab8d377d550ebae841ab75d2d6257fb38960efc049037bbd2468483871897e5d
eddbfe52ba633950c388e0303d5a04453f9ba9e3a3cdc60f9a1355707cd209e6
+ 1'158 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/210727-7ls4pjynte/
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Modifies registry class
Script User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in System32 directory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Loads dropped DLL
Process spawned unexpected child process
Suspicious use of NtCreateUserProcessOtherParentProcess
Unpacked files
SH256 hash:
ae23b1d2d4ab785d755af246d6d82fca9fab091dbb4f886ac136812805354efd
MD5 hash:
ab99e71c87f024b99c10c02f88b3e40b
SHA1 hash:
6ef978264ec7c26011e1ae99f5f5e245107b0475
Link:
https://www.unpac.me/results/febbd5b7-ed5f-4b10-b830-64857f6b6967/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ae23b1d2d4ab785d755af246d6d82fca9fab091dbb4f886ac136812805354efd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe ae23b1d2d4ab785d755af246d6d82fca9fab091dbb4f886ac136812805354efd

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1485200/
Cape
Cape
https://www.capesandbox.com/analysis/174483/

Comments


Avatar
zbet commented on 2021-07-27 17:47:23 UTC

url : hxxp://live.goatgame.live/userf/29.exe