MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b61d3d1fbd98a10bd0f050173ca38941fb11b859872894b88bca7cfdd5cd2597. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b61d3d1fbd98a10bd0f050173ca38941fb11b859872894b88bca7cfdd5cd2597
SHA3-384 hash: cfbed0e9b428a771bb227325eb823a1a1e738d094d806fba1a69acd1ae8501a913189384dad3d0a517f666b3a7ee8721
SHA1 hash: 5586a9d9f7c55746440b9acc5e2750976f760e13
MD5 hash: 8b2fe02e4c2f00122cdf43bc7e06277e
humanhash: apart-december-mexico-jig
File name:SecuriteInfo.com.Trojan.PWS.Steam.16681.8330.25628
Download: download sample
File size:520'192 bytes
First seen:2020-08-01 12:28:24 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 270c0e002423141a7b653e8206e2e52c
ssdeep 12288:y1nPEWpEQe6aP76Lzr8kZG2HyOtineJ3q2aONPd:y1Ma4pO8kZG2AEq2JNV
Threatray 27 similar samples on MalwareBazaar
TLSH 3BB4E136FB42D917F99504F9F69C828430003F396A98E56373C09F6DA1326E2DAA5F17
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.Trojan.PWS.Steam.16681.8330.25628.UNOFFICIAL
Create hunting rule

Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/406576
Signature
Contains functionality to steal e-mail passwords
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
PE file has a writeable .text section
Tries to steal Mail credentials (via file access)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b61d3d1fbd98a10bd0f050173ca38941fb11b859872894b88bca7cfdd5cd2597/
Threat name:
Win32.Backdoor.FlawedAmmy
Create hunting rule
Status:
Malicious
First seen:
2019-06-11 07:43:33 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
10939877f109569dff853eef9ddb462dda69871bc04b44d45d1a784a21a208ba
276c169d7b842d092da93f16ae55bda7b01b0ded9bb12166b4c6eddc1dc49462
308c427638d7aa1a48809ce6dc4125bbccc3f5730a602174baf886e61699ef4d
5c05707de780f92a6d29dd9610e5f23cdc3a4f9fba9ef5902fac72abc56bd26c
81fd4490cd810f93366708b6f01f7272aa7bc2d6dda02219d18b18b07cda3f4b
832782af8ac7a682f48d5a00f549a5474d6b2524386c8826eae41982db8597c3
ac120fadb0fde46db30df42a52a0b65d34fa6621fa13f18c11b5fe93626dcf6d
b265a179bab6fe80bb3b81544e3f04e285a7b90b17e01bc34881e502aa5bb489
bc56a888670e5f283189a902abbc9f57a808a66b2938fde1480509c2cb265841
fa3b184df1f3b9ed637a7f8f9c557dca6871c7f150badb172947809bddf1c6d0
+ 17 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery spyware
Link:
https://tria.ge/reports/200801-5vdpvbz966/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: EnumeratesProcesses
JavaScript code in executable
JavaScript code in executable
Checks installed software on the system
Reads user/profile data of local email clients
Reads user/profile data of local email clients
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe b61d3d1fbd98a10bd0f050173ca38941fb11b859872894b88bca7cfdd5cd2597

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/423255/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/36887/

Comments