MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb844107525558a6598d2d6173dfd555bb0b6cc03d74131125d606afd0c84a4a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: bb844107525558a6598d2d6173dfd555bb0b6cc03d74131125d606afd0c84a4a
SHA3-384 hash: 27cdb78ddc7541e82c71f7237a6ff155381e73688a301e9f0148888efe0e95a87d6b479b778da7d9c332477894f5c002
SHA1 hash: d39c6720d27cf2ac37884d3a23076ba7bd631d40
MD5 hash: e4ad714963d3858f00d552ee02bf956c
humanhash: magnesium-purple-grey-fanta
File name: Snake_Game_Setup.exe
File size: 16'733'335 bytes
First seen: 2022-05-05 05:28:05 UTC
Last seen: 2022-05-05 09:45:25 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash e569e6f445d32ba23766ad67d1e3787f (259 x Adware.Generic, 41 x RecordBreaker, 24 x RedLineStealer)
ssdeep 393216:hPXZtqtnppt/If5tSoOKoT+9MnNyKDKBX2:hPptWppt/k5t3oT+JA
Threatray 357 similar samples on MalwareBazaar
TLSH T1A0F6333FF258A53EC4AF0B7155B35260887B7A60A81A8D1E07FC780DCF765601E3B666
TrID 49.7% (.EXE) Inno Setup installer (109740/4/30)
19.5% (.EXE) InstallShield setup (43053/19/16)
18.8% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
4.7% (.EXE) Win64 Executable (generic) (10523/12/4)
2.0% (.EXE) Win32 Executable (generic) (4505/5/1)
dhash icon 5050d270cccc82ae (109 x Adware.Generic, 43 x LummaStealer, 42 x OffLoader)
Reporter Galaxy79146064
Tags: exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 258
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: Snake_Game_Setup.exe
Verdict: Malicious activity
Analysis date: 2022-04-30 23:59:36 UTC
Tags: installer

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Creating synchronization primitives
Searching for synchronization primitives
Searching for the window
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: control.exe expand.exe overlay packed setupapi.dll shell32.dll
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: clean
Classification: n/a
Score: 15 / 100
Signature
Obfuscated command line found
Behaviour
Behavior Graph: n/a
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Loads dropped DLL
Executes dropped EXE
Unpacked files
SHA256 hash: 7a3e97bd2486ac196fd7e6d3c92898b58c5cc7159848cd3b938b3a58f21d468f
MD5 hash: b27505e3a20418498327d1149cdfc6e7
SHA1 hash: bbdc119e2f8b6b536c6a6df3f957ece967341ace
SHA256 hash: bb844107525558a6598d2d6173dfd555bb0b6cc03d74131125d606afd0c84a4a
MD5 hash: e4ad714963d3858f00d552ee02bf956c
SHA1 hash: d39c6720d27cf2ac37884d3a23076ba7bd631d40
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other

Comments