MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bdeb2f39c1b05dda7d2928b4a11295d75ff989778283f3a7eaa80d4e0d0b0c83. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	bdeb2f39c1b05dda7d2928b4a11295d75ff989778283f3a7eaa80d4e0d0b0c83
SHA3-384 hash:	baa9e6f6e44725493a8053fa0f3ad7b52ca989edac80b70ed1c8753ebf2c69b9036030105e8b0df30e52402d37ef03ca
SHA1 hash:	1a25ef4fca4aba844c85ea543b4eb93dbcb01b37
MD5 hash:	a2afda4f5eb9bccdf466830a606b7961
humanhash:	queen-echo-august-mexico
File name:	file
Download:	download sample
File size:	2'657'496 bytes
First seen:	2022-12-08 20:47:24 UTC
Last seen:	2022-12-09 20:12:37 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	e938cf895f4033bfe19de42d5b79b0de
ssdeep	49152:uGkQ29L4ykkB2AoofasxoszgQyq9Oq1WG2H/b7YztvNDN6jth2pIW4rbbB9pNP8:uGZmLHD2A7asx9zg5q2bIztvNDOD2pIe
TLSH	T1C8C58C58DA0390BEE82314F0167BF7FF9520563548A08D5BEA8CCDB4AE72DA2531971F
TrID	37.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 20.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 12.7% (.EXE) Win64 Executable (generic) (10523/12/4) 7.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 6.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
Reporter	andretavare5
Tags:	exe

andretavare5

Sample downloaded from https://vk.com/doc767542893_651070091?hash=3D9CH7boQYKwafvYO2XuRLI0ZDdpOvqBsEIcsOygwVX&dl=G43DONJUGI4DSMY:1670504276:sBeIvbe3rdB9TZaSIL2TV4k339ren9geBwCioK4C53D&api=1&no_preview=1#105_14

Intelligence

File Origin

# of uploads :

# of downloads :

171

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/344491/

Detection(s):

SecuriteInfo.com.Win32.Evo-gen.27216.24209.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Сreating synchronization primitives

Changing a file

Sending a custom TCP request

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-debug hacktool overlay packed

Link:

https://www.filescan.io/uploads/63924d850c6473d16719ff93/reports/e060fa87-66b5-483e-895c-c8f3c36b40fe/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/5c5eeb9e-b4c7-4224-b9be-a10b3901eed6

Result

Threat name:

Unknown

Detection:

malicious

Classification:

spyw

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/1131041

Signature

Machine Learning detection for sample

Tries to harvest and steal browser information (history, passwords, etc)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/bdeb2f39c1b05dda7d2928b4a11295d75ff989778283f3a7eaa80d4e0d0b0c83/

Threat name:

Win32.Adware.RedCap

Status:

Malicious

First seen:

2022-12-08 20:48:13 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

14 of 26 (53.85%)

Threat level:

1/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=xxvs6oobwbo5u7jjfc2kceuv25p7tclxqkb7hj7kvagu4dilbsbq._file

Result

Malware family:

n/a

Score:

7/10

Tags:

spyware stealer

Link:

https://tria.ge/reports/221208-zlfc4sed6x/

Behaviour

Reads user/profile data of web browsers

Verdict:

Informative

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/5b824857-ac81-4c30-aaf7-ff094cd45cd6

Unpacked files

SH256 hash:

bdeb2f39c1b05dda7d2928b4a11295d75ff989778283f3a7eaa80d4e0d0b0c83

MD5 hash:

a2afda4f5eb9bccdf466830a606b7961

SHA1 hash:

1a25ef4fca4aba844c85ea543b4eb93dbcb01b37

Link:

https://www.unpac.me/results/b4607638-7f62-46ad-ba17-77690616e37a/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.49

Link:

https://yomi.yoroi.company/submissions/bdeb2f39c1b05dda7d2928b4a11295d75ff989778283f3a7eaa80d4e0d0b0c83

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by

PrivateLoader

Delivery method

Distributed via drive-by

Cape

https://www.capesandbox.com/analysis/344491/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample