MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b2c6d7124b3096afdd229975cbe2c3c3e681475307f4d8265c3f32d1658a0e1f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b2c6d7124b3096afdd229975cbe2c3c3e681475307f4d8265c3f32d1658a0e1f
SHA3-384 hash: af26db767b53f76df7b33976b25d2824c6c6a306bd989102a6530d145b508e2b5e019ef3ff8ff57e6d7279262322814a
SHA1 hash: 27a2539ed14ea7ec9c95d78c5ccf3c63e0d8fccd
MD5 hash: 00aae2e7365a2a916fef8b8c9c626e87
humanhash: whiskey-edward-low-low
File name:00aae2e7365a2a916fef8b8c9c626e87
Download: download sample
File size:338'409 bytes
First seen:2021-07-30 20:34:50 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a1a66d588dcf1394354ebf6ec400c223 (49 x RedLineStealer, 7 x CryptBot, 4 x AZORult)
ssdeep 6144:M5VP9Ge3+hoAvdeJBb5ncZQIbhJLUsm1AfRiDg47L5/r7AfyXq5Zek:M5393whFOBbJIbXUefRBeBGZl
Threatray 270 similar samples on MalwareBazaar
TLSH T1DF74E0517BC950F6C4932531886837B419BEFF391B2649D783803E0ABD36AE5D73A1CA
dhash icon 71e0c4e4e4e461b2
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
540
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
00aae2e7365a2a916fef8b8c9c626e87
Verdict:
Suspicious activity
Analysis date:
2021-07-30 20:39:11 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/3b8b2ca9-c93e-4816-b6b9-433b14ca84db

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/175362/
Detection(s):
Win.Trojan.Generic-9874371-0
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d50c5572-a806-499c-bcb7-9f7a61d6b595
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/824702
Signature
Contains functionality to register a low level keyboard hook
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 457114 Sample: x30wSvDZ0H Startdate: 30/07/2021 Architecture: WINDOWS Score: 64 22 Multi AV Scanner detection for submitted file 2->22 24 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 2->24 7 x30wSvDZ0H.exe 7 2->7         started        process3 file4 20 C:\Users\user\AppData\Local\...\mphost.exe, PE32+ 7->20 dropped 26 Contains functionality to register a low level keyboard hook 7->26 11 mphost.exe 7->11         started        14 cmd.exe 1 7->14         started        signatures5 process6 signatures7 28 Multi AV Scanner detection for dropped file 11->28 16 WerFault.exe 20 9 11->16         started        18 conhost.exe 14->18         started        process8
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b2c6d7124b3096afdd229975cbe2c3c3e681475307f4d8265c3f32d1658a0e1f/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-07-27 00:22:34 UTC
AV detection:
13 of 46 (28.26%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
06607b04da0cd27e4a7abff3df7ee0be86df8226e81a5706351526a3101d2aa2
3688975dcd3f7829cfe55f7dd46166e0d6bd46c842c169c9fb4adb317f1d571f
4daba398d1d338f7eb29eef55e1afa4595dde813b27b33dcfb48ceff27e7e8b0
8cec146d7a7b594cf7748b35c63ea1fed2c994ef2cdbb5731f1b15d9c9fa1ee3
948fb39f8d7058b029ea1b36937c544ccaefab83d03fe6e7f609289c1f46dba8
980e27f0cf3ceda9a21d8651765a6eeedb513b7a169e31a4108ca6ce209de34f
a0ee463632a3799ed2b21d598d1fa8c4ed7198f3debd175a1eb89b2055b57ccd
df116f3585f1fe4b00c351a2941f6b85565e1fcc6da5569c6f7c80ddd1b4e2a8
e784ba83c1139d2d9880a2cd5546d1d7716694452ea84367fa9c238f97d5e5ad
f6e01e745aac03b46befca8daff61626ab55cbabbef93e31c2c3b01928f9c756
+ 260 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210730-vshvdqflfs/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
b2c6d7124b3096afdd229975cbe2c3c3e681475307f4d8265c3f32d1658a0e1f
MD5 hash:
00aae2e7365a2a916fef8b8c9c626e87
SHA1 hash:
27a2539ed14ea7ec9c95d78c5ccf3c63e0d8fccd
Link:
https://www.unpac.me/results/149792d1-f96a-4404-a0dc-d8bd7fec6122/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b2c6d7124b3096afdd229975cbe2c3c3e681475307f4d8265c3f32d1658a0e1f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe b2c6d7124b3096afdd229975cbe2c3c3e681475307f4d8265c3f32d1658a0e1f

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/175362/
  
URLhaus
https://urlhaus.abuse.ch/url/1493605/

Comments