MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b61d3d1fbd98a10bd0f050173ca38941fb11b859872894b88bca7cfdd5cd2597. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: b61d3d1fbd98a10bd0f050173ca38941fb11b859872894b88bca7cfdd5cd2597
SHA3-384 hash: cfbed0e9b428a771bb227325eb823a1a1e738d094d806fba1a69acd1ae8501a913189384dad3d0a517f666b3a7ee8721
SHA1 hash: 5586a9d9f7c55746440b9acc5e2750976f760e13
MD5 hash: 8b2fe02e4c2f00122cdf43bc7e06277e
humanhash: apart-december-mexico-jig
File name: SecuriteInfo.com.Trojan.PWS.Steam.16681.8330.25628
Signature: n/a
File size: 520'192 bytes
First seen: 2020-08-01 12:28:24 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 270c0e002423141a7b653e8206e2e52c
ssdeep: 12288:y1nPEWpEQe6aP76Lzr8kZG2HyOtineJ3q2aONPd:y1Ma4pO8kZG2AEq2JNV
TLSH: 3BB4E136FB42D917F99504F9F69C828430003F396A98E56373C09F6DA1326E2DAA5F17
Reporter: @SecuriteInfoCom

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 30
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence
Result
Threat name: Unknown
Detection: malicious
Classification: spyw.evad
Score: 80 / 100
Signature
Contains functionality to steal e-mail passwords
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
PE file has a writeable .text section
Tries to steal Mail credentials (via file access)
Behaviour
Behavior graph: (image)
Threat name: Win32.Backdoor.FlawedAmmy
Status: Malicious
First seen: 2019-06-11 07:43:33 UTC
AV detection: 25 of 31 (80.65%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: discovery spyware
Behaviour
Suspicious behavior: EnumeratesProcesses
JavaScript code in executable
Checks installed software on the system
Reads user/profile data of local email clients

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Executable exe b61d3d1fbd98a10bd0f050173ca38941fb11b859872894b88bca7cfdd5cd2597 (this sample)

Delivery method: Distributed via web download
