MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b61546030dbe1d3839d0244d814e48f88b36f70303750590b67cfed3486a4e8d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b61546030dbe1d3839d0244d814e48f88b36f70303750590b67cfed3486a4e8d
SHA3-384 hash: b84de41f41f993c66eb21ad7f8e3111cec64fb5970d8e007da36a521049395fc2caa13e9a8d53c28d688ab48b29bd172
SHA1 hash: 6e88c17be40f743918502a18377c58c364987ef1
MD5 hash: 8b2ad4586afd626453dadb3c749a4bdc
humanhash: kentucky-zulu-oxygen-apart
File name:634e8898d4dbdh
Download: download sample
File size:4'490'240 bytes
First seen:2022-10-25 11:18:22 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep 98304:m+uBiKhBRO2GnAaQq6sVukrM+BOnbD7EjEJWyD+l+ELmkrcAM2u1K7m:kimu2CLukr1CbD7jWdkE6ScGuUm
Threatray 103 similar samples on MalwareBazaar
TLSH T1D4263361D085D708FB6F2DF3611FB2DDEE59B798854DB058FE52320F608A5B0632C1AA
TrID 64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12)
25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6)
4.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.8% (.EXE) OS/2 Executable (generic) (2029/13)
1.8% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter JAMESWT_WT
Tags:exe wh1tesoftware-me

Intelligence

File Origin
# of uploads :
1
# of downloads :
209
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
raccoon
Create hunting rule
ID:
1
File name:
https://goo-gl.me/Fortnite_
Verdict:
Malicious activity
Analysis date:
2022-10-19 05:56:57 UTC
Tags:
trojan raccoon recordbreaker loader stealer redline rat
Link:
https://app.any.run/tasks/e52efc8f-06d9-43ac-bb2d-f28fe8e4e51b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/323979/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Launching a process
Creating a process with a hidden window
Using the Windows Management Instrumentation requests
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4b9d41e9-ea34-4232-835a-148cdb1a155e
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad.spyw
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1097486
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Queries memory information (via WMI often done to detect virtual machines)
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b61546030dbe1d3839d0244d814e48f88b36f70303750590b67cfed3486a4e8d/
Threat name:
Win64.Infostealer.BroPass
Create hunting rule
Status:
Malicious
First seen:
2022-10-21 02:42:32 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
18 of 42 (42.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wykumaynxyotqooqergyctsi7cftn5ydan2qlefwpt7ngsdkj2gq._file
Verdict:
malicious
Similar samples:
02c1c4241e1211580f078778611ae7c11d6f7a5bdef75cf01cbb6a5185f1c3a8
076be35a474ae63c118b15aff7bcf2bb4d97e6887c67ad63a49b466370fbd3fe
35ba668de0b81553c08865fa08b6d1dba20d36b7d284edf25d5f1b60f42f034b
42c5acd0133e2653a0e4f9792906d42f16cf44c6ea920dca1edaf74618feb437
4a75a23c13301872f46f4530b071bc4534a211435d5a8d8534b1455735c571b1
52fbe26c4b9fd1f8fae6d4840ef6741eb6c8bcd4f137f9139ae49b15d1590b20
65d77c6d99bfdf41472afef809ff3a719e16610ac76fc68994b10bbae824dc6d
89a8e60e76d8b381b9813d0da3168daea3aae23d8bb810166e3d5ac264eee7ee
9d5059722c2c1f4cf1f0388f3a15da44b883a9ca9127b9347fdb4933cc1fa6dd
e08d52d37a0eaa8bb7420ebc6a88c71ff0e2f01abc058cecb7978aa8b3be9ad0
+ 93 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware stealer upx
Link:
https://tria.ge/reports/221025-net25sceap/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Reads user/profile data of web browsers
UPX packed file
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/087d5bee-a063-497c-9752-fe98c2b2b6ed
Unpacked files
SH256 hash:
1a29999c8902b632eef9b5c3c47c93b4e74da507e6647433f2cc1e232d7eb871
MD5 hash:
dbdd426db7cfbd04ef3c5c20f76923c5
SHA1 hash:
bc77f822d9922817582cf8739f875c765a28320b
Link:
https://www.unpac.me/results/d4202e09-a345-4a64-8083-af0faf7dabd5/
SH256 hash:
b61546030dbe1d3839d0244d814e48f88b36f70303750590b67cfed3486a4e8d
MD5 hash:
8b2ad4586afd626453dadb3c749a4bdc
SHA1 hash:
6e88c17be40f743918502a18377c58c364987ef1
Link:
https://www.unpac.me/results/d4202e09-a345-4a64-8083-af0faf7dabd5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/b61546030dbe1d3839d0244d814e48f88b36f70303750590b67cfed3486a4e8d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe b61546030dbe1d3839d0244d814e48f88b36f70303750590b67cfed3486a4e8d

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/323979/
  
URLhaus
https://urlhaus.abuse.ch/url/2384221/
  
Delivery method
Distributed via web download

Comments