MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ae7752f2d09d42090b41558309118f902afc0071e627fd6283ee7d314ecb5319. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 8

SHA256 hash: ae7752f2d09d42090b41558309118f902afc0071e627fd6283ee7d314ecb5319
SHA3-384 hash: 4fe71c3e2feb37d84731e437f4f4378cfae1d5a999f0bd47890d4fb1046b62d2dcbc0f2816edf397c4bde576c04766aa
SHA1 hash: c817225477b6a0a90ba647c60f69dfce9f8ab301
MD5 hash: 315c3b97fd18577e360e4956a7130d51
humanhash: magazine-nine-wolfram-video
File name: ae7752f2d09d42090b41558309118f902afc0071e627fd6283ee7d314ecb5319
File size: 966'720 bytes
First seen: 2022-02-23 14:08:56 UTC
Last seen: 2022-02-23 16:20:42 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 71ece0c59f467938bb7cf321dccd47b8
ssdeep: 24576:JuIAZN1mLeM37s0e/2WXVmhMX8ppn5EKVyD/J:Jre27sb9EpJShrJ
Threatray: 5'347 similar samples on MalwareBazaar
TLSH: T136251266EA1442F1F5F10172E9FE7DE6166AAE76031420D723E478666C712E3173A30F
dhash icon: e081f1d9d0c9b3e1
Reporter: Anonymous
Tags: exe

Intelligence

File Origin
Uploads: 2
Downloads: 187
Origin country: n/a
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: 6442457703809024.zip
Verdict: No threats detected
Analysis date: 2022-02-25 14:20:14 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.

Result
Verdict: Suspicious
Maliciousness:
Behaviour:
Searching for the window
Creating a file in the %temp% subdirectories
Creating synchronization primitives
Running batch commands
Creating a process with a hidden window
Launching cmd.exe command interpreter
Launching a process
Using the Windows Management Instrumentation requests
Moving a file to the %temp% subdirectory
Creating a process from a recently created file
Creating a window
DNS request
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
MalwareBazaar
SystemUptime
MeasuringTime
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: keylogger overlay packed shell32.dll
Result
Verdict: UNKNOWN
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Generic Malware
Verdict: Malicious
Result
Threat name: Unknown
Detection: malicious
Classification: spyw.evad
Score: 96 / 100
Signatures:
Contains functionality to register a low level keyboard hook
DLL reload attack detected
Drops PE files with a suspicious file extension
Found API chain indicative of debugger detection
Found many strings related to Crypto-Wallets (likely being stolen)
Multi AV Scanner detection for submitted file
Obfuscated command line found
Renames NTDLL to bypass HIPS
Sigma detected: Execution of Suspicious File Type Extension
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Behaviour
Behavior Graph (ID 577289; sample sd33yIbJ8f; start date 23/02/2022; architecture WINDOWS; score 96): rendered as an image on the original page. Process chain shown in the graph: sd33yIbJ8f.exe starts cmd.exe, which starts a second cmd.exe (plus conhost.exe); that cmd.exe drops Gioco.exe.pif under C:\Users\user\AppData\Local\... and starts it together with tasklist.exe; Gioco.exe.pif drops vLRPqRGTwpv.dll, performs a DNS lookup for brionw33.top (91.238.105.72, port 80) and triggers the DLL reload, debugger detection and browser-information-harvesting signatures.
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2022-02-23 14:09:11 UTC
File Type: PE (Exe)
Extracted files: 17
AV detection: 18 of 28 (64.29%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates processes with tasklist
Enumerates physical storage devices
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Unpacked files
SHA256 hash: 9c0eb4eaa61d3a27d3fb534b9858b012f655adfd7150e717550a8be2618f866f
MD5 hash: 28df82876116116fcf296494683d79a8
SHA1 hash: 9f5d2515bca9c6d2fc122ec7060e8d95065d6a60

SHA256 hash: ae7752f2d09d42090b41558309118f902afc0071e627fd6283ee7d314ecb5319
MD5 hash: 315c3b97fd18577e360e4956a7130d51
SHA1 hash: c817225477b6a0a90ba647c60f69dfce9f8ab301
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments