MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 b223137961759aab259243f94f9961d6d98bdfef5dfe325ac6b1aabb822f7a68. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 4
| SHA256 hash: | b223137961759aab259243f94f9961d6d98bdfef5dfe325ac6b1aabb822f7a68 |
|---|---|
| SHA3-384 hash: | 4a44cc4563b0a83586fdca16b0b610904a3c677d7196bdbd2367cab250036665340ab2103fc65ef0a344c0e6b88bc7ab |
| SHA1 hash: | e5cd2cde594eb77b4a0b437a187d4acc2ec65177 |
| MD5 hash: | 1a37318157f52e5477fc6ce446a42f79 |
| humanhash: | thirteen-juliet-oven-tango |
| File name: | avast_secure_browser_setup.exe |
| Download: | download sample |
| File size: | 3'411'056 bytes |
| First seen: | 2021-04-07 18:46:37 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash: | 24f4223e271413c25abad52fd456a9bc (21 x GuLoader, 15 x Loki, 10 x AgentTesla) |
| ssdeep: | 49152:y1z/7bVuTpWUZ6wOCVMkqBSBmuQucS1nMp1aj4Wq0av9LURdeeIB8KYgnctJXt:C/7bVQYuMziMT6/ALYeeEtnWXt |
| TLSH: | DAF5232857F4601EF1F39730EAB14A5328317C16A9709D7E1AC5230C29B35A6EDF17AB |
| Reporter: | |
Intelligence
File Origin
# of uploads: 1
# of downloads: 139
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: avast_secure_browser_setup.exe
Verdict: Malicious activity
Analysis date: 2021-04-07 18:49:59 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection: n/a
Detection(s):
Result
Verdict: Clean
Maliciousness:
Behaviour
Creating a file in the %temp% directory
Creating a file
Delayed reading of the file
Creating a window
Reading critical registry keys
Deleting a recently created file
Sending a UDP request
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Searching for the window
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: bank.spyw.evad
Score: 45 / 100
Signature
Checks if browser processes are running
Checks if the current machine is a virtual machine (disk enumeration)
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Behaviour
Behavior Graph:
Verdict: suspicious
Result
Malware family: n/a
Score: 7/10
Tags: bootkit persistence spyware stealer
Behaviour
Checks SCSI registry key(s)
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Enumerates physical storage devices
Checks for any installed AV software in registry
Writes to the Master Boot Record (MBR)
Checks BIOS information in registry
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
Unpacked files
| SHA256 hash | MD5 hash | SHA1 hash |
|---|---|---|
| a641555478ec672c7f56d7555ace1b6f1648c48b7e39d20eb9d0f7829fa4d03d | 96fc6bf37fdafe7e9e8443442e248c92 | f50844958f147957cf29e7d18d1560aa02c3578f |
| 7250476edd4317a735c5348d9758f9b24c921e85a405169e3e968d7c2a07a738 | 7eabcffde64bcb30afec2d4cf59d583a | e192cb57d71a3d33919a7b0894786b1d5faf9e84 |
| fe5bd594663c838819005a8bb58be37731963eaf2478497faf805238e87c056c | 9775d726614a05721e968da4c89758b2 | dbb104d32eaf39a9e016223b15c097650bc6fff3 |
| 0d50866d9f133c0108d8dae69c67067e77ce16a7e11290dc0c22078ebb437161 | db9673a2dc59f17a3fc3c6ef7f807c27 | cabb9edd27d3c28adfdf6a2d77cd0918dc6fd007 |
| aa260674e317a50f6437334ad90ae10316aabb6d19e62f21b3c61d16b532d7c0 | e5af72237b159f6c1433f9b7f94137a4 | b3791db0bfcf6ad28754a1155c63d81672db0a6b |
| 86c0b37db8dad1bf4dd76a0a7118facda6a4acf7b33bfe16af9b407361987409 | ff077ef8909623213ee42a361d04d4f5 | 786f546b17ecad9e058f1cc7afb84588d40b7457 |
| b544e6f837b33ea5cf42debeb4055e89843cdf3530198fbe3b5de5ca2d425e36 | 683fa73b5b920e520b62644269594985 | 6ba05d5a92fb50c2b5252090530d358ccd2b083d |
| 899550fec3f3922bade1ebbbbfd6e6b7f7533eacf8794aa5ae95c761f13a618b | 5b3b1198d06f3761df864334399be3f8 | 4d26e2ed1ab2b430910fd8491571ae78765ad6a8 |
| bd365094ccd1974da5520fb7da2f187787511bc92cd23f1cdb5738b17ec407b7 | 77444eb7e94589a49d5f0669cd1c1503 | 28dc0d1848fc34c7d73f49c8ecb62d24851a8166 |
| 5bfd9d285fa94f1b6f115a1bd6e944d1e2d3d2ae41ea2fd7b1f94357d9614e68 | 94385b98796096b8499459da7e40b2ad | 26c15e26a06d467a80019cfe50def6e7b7a7e361 |
| bd26f68ae4eaa3f3b8cae3b353379ce13d9b22fdf7929e9c1ef5624c700b8d2b | a4340fa33bd8f414d1c4d249b0594863 | 11cdcb4aa86e9278e393debf24aa5c6872833adc |
| b223137961759aab259243f94f9961d6d98bdfef5dfe325ac6b1aabb822f7a68 | 1a37318157f52e5477fc6ce446a42f79 | e5cd2cde594eb77b4a0b437a187d4acc2ec65177 |
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name: Malicious File
Score: 1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
| Delivery method: | Multiple |
|---|---|
Verdict: MAL
Score: 45/100