MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd782819dfcc4939eed29dd647243a06e4540f6b76902b3443612ca0dc6cfafc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bd782819dfcc4939eed29dd647243a06e4540f6b76902b3443612ca0dc6cfafc
SHA3-384 hash: 3aa58e8cd2d61f559ca4e2c92e9bc09b9043165150abd555aebfbeca2c1ae95892cd8b13db6666a0cba01b353574537b
SHA1 hash: bde8106b74e039932ae6aabae82761cb7d843dbf
MD5 hash: ac07825bf52f8b3fc83474c94480c342
humanhash: nebraska-cola-crazy-blue
File name:ac07825bf52f8b3fc83474c94480c342
Download: download sample
File size:3'078'723 bytes
First seen:2022-06-01 07:34:41 UTC
Last seen:2022-06-01 08:38:12 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d0dfe559e003c7370c899d20dea7dea8 (9 x RedLineStealer, 1 x Amadey)
ssdeep 49152:8mRQEdJh904FEOBJ0oZK34NH2zt8KBe2hua8jGc1ii0k:8UQEdJh904FEO/0j4NH2zOKBziCc8k
Threatray 64 similar samples on MalwareBazaar
TLSH T1DBE54B139B8B0E65CDC27BB461CB633B9734EE30CA269B7FE608C53559532C5681AB43
TrID 33.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
21.3% (.EXE) Win64 Executable (generic) (10523/12/4)
13.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
10.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.1% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
282
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
ac07825bf52f8b3fc83474c94480c342
Verdict:
No threats detected
Analysis date:
2022-06-01 08:51:29 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/cb7beb9a-779a-4482-a4b5-ad10f5f72f42

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/275943/
Detection(s):
SecuriteInfo.com.Trojan.Inject4.32508.13676.8935.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Searching for the window
Sending a custom TCP request
Unauthorized injection to a system process
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/6dffeeba-b438-49e1-bee2-f1a007938e30
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1004799
Signature
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Multi AV Scanner detection for submitted file
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 637291 Sample: Zqt2Uwj1fj Startdate: 01/06/2022 Architecture: WINDOWS Score: 60 18 Multi AV Scanner detection for submitted file 2->18 6 Zqt2Uwj1fj.exe 1 2->6         started        process3 signatures4 20 Writes to foreign memory regions 6->20 22 Allocates memory in foreign processes 6->22 24 Injects a PE file into a foreign processes 6->24 9 WerFault.exe 23 9 6->9         started        12 conhost.exe 6->12         started        14 AppLaunch.exe 6->14         started        process5 file6 16 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 9->16 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bd782819dfcc4939eed29dd647243a06e4540f6b76902b3443612ca0dc6cfafc/
Threat name:
Win32.Trojan.SpyStealer
Create hunting rule
Status:
Malicious
First seen:
2022-05-24 08:53:41 UTC
File Type:
PE (Exe)
AV detection:
24 of 26 (92.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xv4cqgo7zrett3wstxleojb2a3sfid3lo2icwncdmewkbxdm7l6a._file
Verdict:
malicious
Similar samples:
10835ba7c73aa0239a2f7b60264afa9c31aec8f719388ac13c07a23ea221bd20
20579be1049258522233c39acfae3076c8af1c64aadcd2ec2f68e00c683fe229
2d2e2ad393b62986226d97b0430b25b5c5dfe5f7cb79f0aa4957631615bd441e
48f41b0138a1ab48c0caa4c76b5f81044d0e242cce0dccc7148b6a35e471c327
5ce0e58274dab68830fae75ead36072f3cfc6fff85f64917ff4741864e3970bb
61993e08ea08b735c8966bea3c2cab4dbd2c62ccd1ad88ec42c59e1a9a8f8c71
9081075827ae06456b3d6d0e025fc92fc0f586f1b21a7d59a698a0d16860cdfb
93a849272c8cd95c44685d207ccc52d5d458d149bdbe6792f5410c54bf378790
b7f009ba8bfbe0804a9b678fc7329b64a7055661e018a839b2ccca4a2822bc77
d0733e6d63cc945305a0cd7aa12b86b75d0c6840f7d9ec853aca379c18c22528
+ 54 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/220601-jepefaahak/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
00e8f36ceba7a4b92f70a3d55ea1e106e9738222ba85c25347ee22df1629fe2f
MD5 hash:
90826dbb4150597cd93e414044e18a05
SHA1 hash:
5cecfa56c48c26547a2765eb08a15adde9f4748b
Link:
https://www.unpac.me/results/6e95b7f5-6528-4b8b-aa5e-5446ab76b98e/
SH256 hash:
bd782819dfcc4939eed29dd647243a06e4540f6b76902b3443612ca0dc6cfafc
MD5 hash:
ac07825bf52f8b3fc83474c94480c342
SHA1 hash:
bde8106b74e039932ae6aabae82761cb7d843dbf
Link:
https://www.unpac.me/results/6e95b7f5-6528-4b8b-aa5e-5446ab76b98e/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/bd782819dfcc/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/bd782819dfcc4939eed29dd647243a06e4540f6b76902b3443612ca0dc6cfafc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe bd782819dfcc4939eed29dd647243a06e4540f6b76902b3443612ca0dc6cfafc

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/275943/
  
URLhaus
https://urlhaus.abuse.ch/url/2220200/

Comments


Avatar
zbet commented on 2022-06-01 07:34:44 UTC

url : hxxps://www.videogameexpo.ca/39a613ac1a2f6cd8a53eedd97e682383.exe