MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 ae7752f2d09d42090b41558309118f902afc0071e627fd6283ee7d314ecb5319. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 8
| SHA256 hash: | ae7752f2d09d42090b41558309118f902afc0071e627fd6283ee7d314ecb5319 |
|---|---|
| SHA3-384 hash: | 4fe71c3e2feb37d84731e437f4f4378cfae1d5a999f0bd47890d4fb1046b62d2dcbc0f2816edf397c4bde576c04766aa |
| SHA1 hash: | c817225477b6a0a90ba647c60f69dfce9f8ab301 |
| MD5 hash: | 315c3b97fd18577e360e4956a7130d51 |
| humanhash: | magazine-nine-wolfram-video |
| File name: | ae7752f2d09d42090b41558309118f902afc0071e627fd6283ee7d314ecb5319 |
| Download: | download sample |
| File size: | 966'720 bytes |
| First seen: | 2022-02-23 14:08:56 UTC |
| Last seen: | 2022-02-23 16:20:42 UTC |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | 71ece0c59f467938bb7cf321dccd47b8 |
| ssdeep | 24576:JuIAZN1mLeM37s0e/2WXVmhMX8ppn5EKVyD/J:Jre27sb9EpJShrJ |
| Threatray | 5'347 similar samples on MalwareBazaar |
| TLSH | T136251266EA1442F1F5F10172E9FE7DE6166AAE76031420D723E478666C712E3173A30F |
| File icon (PE): | |
| dhash icon | e081f1d9d0c9b3e1 |
| Reporter | Anonymous |
| Tags: | exe |
Intelligence
File Origin
# of uploads :
2
# of downloads :
187
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
6442457703809024.zip
Verdict:
No threats detected
Analysis date:
2022-02-25 14:20:14 UTC
Tags:
n/a
Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
PlugX
Result
Verdict:
Suspicious
Maliciousness:
Behaviour
Searching for the window
Creating a file in the %temp% subdirectories
Сreating synchronization primitives
Running batch commands
Creating a process with a hidden window
Launching cmd.exe command interpreter
Launching a process
Using the Windows Management Instrumentation requests
Moving a file to the %temp% subdirectory
Creating a process from a recently created file
Creating a window
DNS request
Result
Malware family:
n/a
Score:
8/10
Tags:
n/a
Behaviour
MalwareBazaar
SystemUptime
MeasuringTime
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Tags:
keylogger overlay packed shell32.dll
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Verdict:
Malicious
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
96 / 100
Signature
Contains functionality to register a low level keyboard hook
DLL reload attack detected
Drops PE files with a suspicious file extension
Found API chain indicative of debugger detection
Found many strings related to Crypto-Wallets (likely being stolen)
Multi AV Scanner detection for submitted file
Obfuscated command line found
Renames NTDLL to bypass HIPS
Sigma detected: Execution of Suspicious File Type Extension
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Generic
Status:
Suspicious
First seen:
2022-02-23 14:09:11 UTC
File Type:
PE (Exe)
Extracted files:
17
AV detection:
18 of 28 (64.29%)
Threat level:
5/5
Verdict:
unknown
Similar samples:
+ 5'337 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
8/10
Tags:
n/a
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates processes with tasklist
Enumerates physical storage devices
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
9c0eb4eaa61d3a27d3fb534b9858b012f655adfd7150e717550a8be2618f866f
MD5 hash:
28df82876116116fcf296494683d79a8
SHA1 hash:
9f5d2515bca9c6d2fc122ec7060e8d95065d6a60
SH256 hash:
ae7752f2d09d42090b41558309118f902afc0071e627fd6283ee7d314ecb5319
MD5 hash:
315c3b97fd18577e360e4956a7130d51
SHA1 hash:
c817225477b6a0a90ba647c60f69dfce9f8ab301
Verdict:
Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.