MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b7f009ba8bfbe0804a9b678fc7329b64a7055661e018a839b2ccca4a2822bc77. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b7f009ba8bfbe0804a9b678fc7329b64a7055661e018a839b2ccca4a2822bc77
SHA3-384 hash: 4b2ab2e31b2166204afc6856c97a494920ba96dfb7e5b65df3b71b082336caecb9701e7c9a9a6d68075e5c90d11f73bb
SHA1 hash: fef8d481f12ab7e299428b7beecd27cc0577ba05
MD5 hash: 0050eabfe5350b18112827e2f047705c
humanhash: two-diet-yankee-enemy
File name:Starter.exe
Download: download sample
File size:3'034'254 bytes
First seen:2022-05-30 16:53:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 89757deda76ff34613a913675f115eab (3 x RedLineStealer)
ssdeep 49152:esIapPA88Jzzy4dVw8q7ApPpyb1XnJoZwz:esIapPA88Jy4dVwJN
Threatray 53 similar samples on MalwareBazaar
TLSH T144E55C135A8B4E75DDC33BB4A1CB633A9734EE30CA269B7FF609C53599532C4681A702
TrID 33.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
21.3% (.EXE) Win64 Executable (generic) (10523/12/4)
13.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
10.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.1% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter JaffaCakes118
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
360
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Starter.exe
Verdict:
No threats detected
Analysis date:
2022-05-30 16:53:25 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/3224e523-dd08-4264-bab0-73cf8c00a894

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/275536/
Detection(s):
SecuriteInfo.com.Trojan.Inject4.32590.22358.15430.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
Launching a process
Сreating synchronization primitives
Searching for synchronization primitives
Sending a custom TCP request
Launching a service
Launching the default Windows debugger (dwwin.exe)
Unauthorized injection to a system process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug overlay packed redline spyeye wacatac
Link:
https://www.filescan.io/uploads/6294f6ac054dcf0eca05d632/reports/7bc480fc-86ae-4b53-876e-4b221e7760c6/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f003f8fc-4a33-48d2-8a38-10927b75d878
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1003790
Signature
Allocates memory in foreign processes
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Multi AV Scanner detection for submitted file
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 636286 Sample: Starter.exe Startdate: 30/05/2022 Architecture: WINDOWS Score: 64 23 Multi AV Scanner detection for submitted file 2->23 6 Starter.exe 1 2->6         started        process3 signatures4 25 Contains functionality to inject code into remote processes 6->25 27 Writes to foreign memory regions 6->27 29 Allocates memory in foreign processes 6->29 31 Injects a PE file into a foreign processes 6->31 9 WerFault.exe 23 9 6->9         started        13 conhost.exe 6->13         started        15 conhost.exe 6->15         started        17 AppLaunch.exe 6->17         started        process5 dnsIp6 21 192.168.2.1 unknown unknown 9->21 19 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 9->19 dropped file7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b7f009ba8bfbe0804a9b678fc7329b64a7055661e018a839b2ccca4a2822bc77/
Threat name:
Win32.Spyware.RedLine
Create hunting rule
Status:
Malicious
First seen:
2022-05-27 07:33:00 UTC
File Type:
PE (Exe)
AV detection:
21 of 25 (84.00%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=w7yatoul7pqiasu3m6h4omu3mstqkvtb4amkqonsztfeukbcxr3q._file
Verdict:
malicious
Similar samples:
0641e05ea68f13feea00f6d69da6ad465d68353b9cebaccc7e17bf6b646d34cd
10835ba7c73aa0239a2f7b60264afa9c31aec8f719388ac13c07a23ea221bd20
20579be1049258522233c39acfae3076c8af1c64aadcd2ec2f68e00c683fe229
2d2e2ad393b62986226d97b0430b25b5c5dfe5f7cb79f0aa4957631615bd441e
48f41b0138a1ab48c0caa4c76b5f81044d0e242cce0dccc7148b6a35e471c327
61993e08ea08b735c8966bea3c2cab4dbd2c62ccd1ad88ec42c59e1a9a8f8c71
9081075827ae06456b3d6d0e025fc92fc0f586f1b21a7d59a698a0d16860cdfb
93a849272c8cd95c44685d207ccc52d5d458d149bdbe6792f5410c54bf378790
b32fee0012472a3a59cd889f163c2f4629e8042efe7dfc24d173f78d7bc0d3e7
+ 43 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/220530-veh37sgdhm/
Behaviour
Checks processor information in registry
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
883b0b27d198ffffed7294129b56839f66527a271d4f0aedb45901e49437dc86
MD5 hash:
8e9c7b04bc8505d8e3759a87241e4b5c
SHA1 hash:
9437b2cf8ab7d52ad730bd82599a21cbb82d28c8
Link:
https://www.unpac.me/results/1580b26d-d06f-453b-b657-d4fa401b41b7/
SH256 hash:
b7f009ba8bfbe0804a9b678fc7329b64a7055661e018a839b2ccca4a2822bc77
MD5 hash:
0050eabfe5350b18112827e2f047705c
SHA1 hash:
fef8d481f12ab7e299428b7beecd27cc0577ba05
Link:
https://www.unpac.me/results/1580b26d-d06f-453b-b657-d4fa401b41b7/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/b7f009ba8bfb/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/b7f009ba8bfbe0804a9b678fc7329b64a7055661e018a839b2ccca4a2822bc77

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe b7f009ba8bfbe0804a9b678fc7329b64a7055661e018a839b2ccca4a2822bc77

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/275536/

Comments