MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bfc5d64bcd1a7b794c7168c4ebddd06b817865e9d785b826adbd894d78a1fc5a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	bfc5d64bcd1a7b794c7168c4ebddd06b817865e9d785b826adbd894d78a1fc5a
SHA3-384 hash:	5ec7b00c93055c871a771194e2b5b2ceeaca834b8f00a13ef1dcda715d686282eaf52c6abc1bbd3815565ecc9817f3d2
SHA1 hash:	b42cd6a6b9502607a4f77e23581e5e6db07a8698
MD5 hash:	951fee321ee65516ff36b634fc020116
humanhash:	delta-burger-river-papa
File name:	file
Download:	download sample
File size:	2'535'936 bytes
First seen:	2022-11-16 15:51:17 UTC
Last seen:	2022-11-17 01:42:33 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep	49152:hVZ0eUJZ/Fgz1YwabTJ9OoJK/gdHwO+Hqtsj6ZT6KpLjWQ5snMCEkiSSYRvu0:hVOewZ6SZV9OoJigJwZoZ9p3unFtl
Threatray	188 similar samples on MalwareBazaar
TLSH	T164C533EF02CBBD75ECCAE87DF765CC560B1869D83E22E38F8E75326604641A4245CD89
TrID	64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12) 25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6) 4.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.8% (.EXE) OS/2 Executable (generic) (2029/13) 1.8% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter	andretavare5
Tags:	exe

andretavare5

Sample downloaded from https://vk.com/doc760750097_656206765?hash=spBWp8txBLZnlBzv7k5OLVsfncntkINM3fMWi7X5G4o&dl=G43DANZVGAYDSNY:1668612960:nW6zmtht2Dg3TN7HQXuqTPU1zNnynnEAGuLuHOgLMdo&api=1&no_preview=1#141

Intelligence

File Origin

# of uploads :

# of downloads :

181

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

file

Verdict:

No threats detected

Analysis date:

2022-11-16 15:52:29 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/654bbc14-c12c-489d-bee3-a04ae4fd1331

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/334906/

Detection(s):

SecuriteInfo.com.Win64.Evo-gen.12515.26604.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-debug packed

Link:

https://www.filescan.io/uploads/637507246fda73cab64e14f3/reports/77406ff6-9c39-4e5d-9efd-60351630b54e/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/34a27e39-5f21-46d1-b22c-a367fed07dca

Result

Threat name:

Unknown

Detection:

malicious

Classification:

spyw

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/1114994

Signature

Antivirus / Scanner detection for submitted sample

Machine Learning detection for sample

Tries to harvest and steal browser information (history, passwords, etc)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/bfc5d64bcd1a7b794c7168c4ebddd06b817865e9d785b826adbd894d78a1fc5a/

Threat name:

Win64.Infostealer.BroPass

Status:

Malicious

First seen:

2022-11-16 15:52:16 UTC

File Type:

PE+ (Exe)

AV detection:

18 of 24 (75.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=x7c5ms6ndj5xstdrndcoxxoqnoaxqzpj26c3qjvnxweu26fb7rna._file

Verdict:

unknown

3c4f456e84a4b82254480d17bd6db4c0a9ae6259e085b362b10183a82956d1ba

4a75a23c13301872f46f4530b071bc4534a211435d5a8d8534b1455735c571b1

61944d63af0a88ab927fa3bfb88eadd93435c4a851c2010756819cfaa90acde1

75520762f93c99c79ebac6081437b0b1ebf7122b1bcc1942484ea5de8e06a1ea

77ed638394053fe4fef1486f85bac2423f392a1f5e523f9ddf3f5dec289868d8

84a04190d479e2cf0fd459258a4fd4fc4a5059f96c355172e2c230f0bd1e863b

a162a4a82e21300ea8634e03e4d7f4b186cff8b9c41e2e9c46ca0c72e97aeacb

f8a941938484a00306232e77b8af41e7f81df56e4aa9864a2b59ea8ebfbc892b

f90220b98550878f3056c732d437bae3026e4d7c7aa9bb733dbaa9c748cb80e7

+ 178 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

spyware stealer upx

Link:

https://tria.ge/reports/221116-ta25vafh51/

Behaviour

Suspicious use of WriteProcessMemory

Deletes itself

Reads user/profile data of web browsers

UPX packed file

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/cbdc34f9-81e7-4cd5-a939-afa79cda0102

Unpacked files

SH256 hash:

47e1f6d703487bdf4e6ab2390a2c243d06681dec902485207b0413155931ea73

MD5 hash:

46e57079b3a015aefb56445a44af28d5

SHA1 hash:

072aaaac5836bdf6d654f0d876617b28f122df65

Link:

https://www.unpac.me/results/5aae626d-260a-4a34-8fcd-857e4085bfc2/

SH256 hash:

bfc5d64bcd1a7b794c7168c4ebddd06b817865e9d785b826adbd894d78a1fc5a

MD5 hash:

951fee321ee65516ff36b634fc020116

SHA1 hash:

b42cd6a6b9502607a4f77e23581e5e6db07a8698

Link:

https://www.unpac.me/results/5aae626d-260a-4a34-8fcd-857e4085bfc2/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/bfc5d64bcd1a7b794c7168c4ebddd06b817865e9d785b826adbd894d78a1fc5a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by

PrivateLoader

Delivery method

Distributed via drive-by

Cape

https://www.capesandbox.com/analysis/334906/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample