MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b2f43a3821b25e1dae64b151314963fe4e3319c91f20c590198869f49b380446. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 9

SHA256 hash: b2f43a3821b25e1dae64b151314963fe4e3319c91f20c590198869f49b380446
SHA3-384 hash: 76ca0a5af629b50071439cec457021675aaf2129407f2701095d48977c7b5e7802fb204fea93e647ebf7b505ebfddc1e
SHA1 hash: a67c3db14d7302f35c1ad849e2b04bdcac142437
MD5 hash: a9844c22d577c7c6f84442284c6c892b
humanhash: mountain-south-sink-victor
File name: file
File size: 4'510'208 bytes
First seen: 2023-02-19 12:34:09 UTC
Last seen: 2023-02-19 14:27:31 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep: 98304:FtHUiWQY1p79oNW+1Fz0ml6nZRsjtfpnGsrJQC7xoD:FthWQ2p79aJj0mMnIjtvD7K
Threatray: 290 similar samples on MalwareBazaar
TLSH: T11E26330D2A9C7806E067DD34654B36D4EC99C0F6AF67B996CC8EE47BBD88C640B106DC
TrID:
  63.5% (.EXE) UPX compressed Win64 Executable (70117/5/12)
  24.5% (.EXE) UPX compressed Win32 Executable (27066/9/6)
  4.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
  1.8% (.ICL) Windows Icons Library (generic) (2059/9)
  1.8% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter: andretavare5
Tags: exe


andretavare5
Sample downloaded from https://vk.com/doc10773776_659757868?hash=VDpHuHL8RrPKJClXRNjZ33MzNrnSe313di7os8LCPiP&dl=GEYDONZTG43TM:1676806395:aiyeE0UIztbyeu13vNbqJ9qnNt8wsFZRZmmDNEarGjz&api=1&no_preview=1#erg10

Intelligence

File Origin
# of uploads: 7
# of downloads: 236
Origin country: n/a

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: file
Verdict: Malicious activity
Analysis date: 2023-02-19 12:37:49 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean
Maliciousness:

Behaviour: Reading critical registry keys
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: anti-debug packed

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family: Generic Malware
Verdict: Malicious

Result
Threat name: Unknown
Detection: malicious
Classification: spyw
Score: 60 / 100
Signature:
  Antivirus / Scanner detection for submitted sample
  Multi AV Scanner detection for submitted file
  Tries to harvest and steal browser information (history, passwords, etc)

Threat name: Win64.Infostealer.Goback
Status: Malicious
First seen: 2023-02-19 12:35:11 UTC
File Type: PE+ (Exe)
Extracted files: 1
AV detection: 15 of 25 (60.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: spyware stealer upx
Behaviour:
  Reads user/profile data of web browsers
  UPX packed file

Unpacked files
SHA256 hash: 975d8189dc508a459090f0e065b7d70892785f0cf49e02ff7cf1c7350994b600
MD5 hash: c8245a6afc526e20bb0ad2366fc27cc3
SHA1 hash: d8f103338290124e1b6262b83f433768c2c9030d

SHA256 hash: b2f43a3821b25e1dae64b151314963fe4e3319c91f20c590198869f49b380446
MD5 hash: a9844c22d577c7c6f84442284c6c892b
SHA1 hash: a67c3db14d7302f35c1ad849e2b04bdcac142437

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by: PrivateLoader
Delivery method: Distributed via drive-by
