MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c163314e4b432b5bd2955f79a65ce05d0ff92e4cad74c6e2685424946dd87363. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c163314e4b432b5bd2955f79a65ce05d0ff92e4cad74c6e2685424946dd87363
SHA3-384 hash: 8dc2161658e1b02b26bfdad9497cbac5ee17258f29e5ed9202ac1d45b5c34e0b520b64558d4c291210082df7e31a0a62
SHA1 hash: cbe73e294675abb2c3fadcd430b678c6811ff605
MD5 hash: 494298dd797eff60c8a0e5da5700f6a6
humanhash: orange-chicken-jersey-cold
File name:494298dd797eff60c8a0e5da5700f6a6.exe
Download: download sample
File size:4'223'488 bytes
First seen:2022-06-08 09:13:31 UTC
Last seen:2022-06-08 10:04:17 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep 98304:++kvjVF/bEb2LrEANU5WgC30qYd9jx42qtvuXhWMxsQrShg:+7bQ2LYAC5Weq89jx+vuXPCpW
TLSH T13016335724422C39D72B427EDDD268A360F54E3CE368685F076F81996DC88E8DBC4F89
TrID 64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12)
25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6)
4.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.8% (.EXE) OS/2 Executable (generic) (2029/13)
1.8% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
268
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
494298dd797eff60c8a0e5da5700f6a6.exe
Verdict:
No threats detected
Analysis date:
2022-06-08 21:21:06 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/303fb178-08d0-467d-9885-d0a371bf2cd9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/277710/
Detection(s):
SecuriteInfo.com.Trojan.MulDrop20.8978.2145.16906.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Using the Windows Management Instrumentation requests
Sending a custom TCP request
Changing a file
Creating a file in the %AppData% subdirectories
Running batch commands
Launching a process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug packed
Link:
https://www.filescan.io/uploads/62a068a55dc88d35716b0e4a/reports/ab730e8b-d8f6-4d20-a10f-cc386a8c3130/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/cd8c6b91-4057-48a0-8930-079cb80cb3a1
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1008889
Signature
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 641388 Sample: 5Pv6KtgJp5.exe Startdate: 08/06/2022 Architecture: WINDOWS Score: 56 16 Multi AV Scanner detection for submitted file 2->16 18 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 2->18 7 5Pv6KtgJp5.exe 2->7         started        process3 signatures4 20 Tries to harvest and steal browser information (history, passwords, etc) 7->20 10 cmd.exe 1 7->10         started        process5 process6 12 conhost.exe 10->12         started        14 choice.exe 1 10->14         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c163314e4b432b5bd2955f79a65ce05d0ff92e4cad74c6e2685424946dd87363/
Threat name:
Win64.Infostealer.BroPass
Create hunting rule
Status:
Malicious
First seen:
2022-06-04 23:42:28 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yfrtctslimvvxuuvl542mxhaluh7slsmvv2mnytikqsji3oyonrq._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware stealer upx
Link:
https://tria.ge/reports/220608-k7a8ysegfq/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Reads user/profile data of web browsers
UPX packed file
Unpacked files
SH256 hash:
5ec779569f16c91bcaf55018988d14dee630cc74b5260cc345461e600eddde00
MD5 hash:
71d678644e155e80e12e7131d3dc099e
SHA1 hash:
f958d6630bf5d27191c4b19eda8dc97df23b45cb
Link:
https://www.unpac.me/results/00cf99ee-cadb-40ed-8ff9-c405975c040e/
SH256 hash:
c163314e4b432b5bd2955f79a65ce05d0ff92e4cad74c6e2685424946dd87363
MD5 hash:
494298dd797eff60c8a0e5da5700f6a6
SHA1 hash:
cbe73e294675abb2c3fadcd430b678c6811ff605
Link:
https://www.unpac.me/results/00cf99ee-cadb-40ed-8ff9-c405975c040e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.77
Link:
https://yomi.yoroi.company/submissions/c163314e4b432b5bd2955f79a65ce05d0ff92e4cad74c6e2685424946dd87363

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/277710/

Comments