MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c32d4082937795cf3c95c4a637b1193af5081f8f6056edcee752a6004c4edcec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c32d4082937795cf3c95c4a637b1193af5081f8f6056edcee752a6004c4edcec
SHA3-384 hash: ed02d0dea5c842db043905c3d6e017147bbaefe80a83f506c34560290c8df3970d95dac47071a58e148282ebaefc89c8
SHA1 hash: 7968b56685c2a84d4848f8d22cec7dcb43cc11cc
MD5 hash: 8a75298727c5de6dba8a33f8176dfdaa
humanhash: montana-jupiter-leopard-carolina
File name:8a75298727c5de6dba8a33f8176dfdaa.exe
Download: download sample
File size:2'409'984 bytes
First seen:2024-06-30 08:19:55 UTC
Last seen:2024-06-30 09:29:38 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2eabe9054cad5152567f0699947a2c5b (2'852 x LummaStealer, 1'312 x Stealc, 1'026 x Healer)
ssdeep 49152:FmIFZC1J91OXW3pfo0D2DPxn0QmxVZl5yA2qcq0h:81yW3pfo8k90ZxVxd0h
TLSH T154B5333927E96C31D15623B40CF90E5AABE078B2AF53A651D308F513BC169E3DC96287
TrID 32.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
28.9% (.EXE) Win32 Executable (generic) (4504/4/1)
13.0% (.EXE) OS/2 Executable (generic) (2029/13)
12.8% (.EXE) Generic Win/DOS Executable (2002/3)
12.8% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon aae2f3e38383b629 (2'034 x Formbook, 1'183 x CredentialFlusher, 666 x AgentTesla)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
621
Origin country :
NL NL
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Win32.Evo-gen.28202.19282.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
93.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=668115bc17db6c2841b261d4win10vpnfull_triage
Tags:
n/a
Result
Verdict:
Clean
Maliciousness:

Behaviour
Сreating synchronization primitives
Searching for analyzing tools
Creating a window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
microsoft_visual_cc packed
Link:
https://www.filescan.io/uploads/6681153c49a1c8306269162f/reports/a282b69d-b516-40ab-82ae-33643e799c2f/overview
Verdict:
Malicious
Labled as:
Strictor.Generic
Link:
https://www.hybrid-analysis.com/sample/c32d4082937795cf3c95c4a637b1193af5081f8f6056edcee752a6004c4edcec
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/c9b50f73-b008-4532-9e5e-bfc4dacb3319
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/1464824
Signature
AI detected suspicious sample
Antivirus / Scanner detection for submitted sample
Binary is likely a compiled AutoIt script file
Detected unpacking (changes PE section rights)
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/c32d4082937795cf3c95c4a637b1193af5081f8f6056edcee752a6004c4edcec
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c32d4082937795cf3c95c4a637b1193af5081f8f6056edcee752a6004c4edcec/
Threat name:
Win32.Trojan.Strictor
Create hunting rule
Status:
Malicious
First seen:
2024-06-30 08:20:18 UTC
File Type:
PE (Exe)
Extracted files:
23
AV detection:
18 of 38 (47.37%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ymwubauto6k46pevystdpmizhl2qqh4pmblo3txhkktaatco3twa._file
Verdict:
malicious
Result
Malware family:
n/a
Score:
  9/10
Tags:
evasion
Link:
https://tria.ge/reports/240630-j8fpdsvfnc/
Behaviour
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
AutoIT Executable
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks BIOS information in registry
Checks computer location settings
Identifies Wine through registry keys
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/a989aead-5a51-473e-aa8d-5de8b68476f0
Unpacked files
SH256 hash:
682cbc06c8c5f893d95e6071e92c5fe5e825dac7998368eb96c459d0e8bf85d1
MD5 hash:
2b6c29f671822d9f7055fec490e85177
SHA1 hash:
13fb884ef922afd52f09c2438e772d483be3a11d
Detections:
AutoIT_Compiled
Create hunting rule
Link:
https://www.unpac.me/results/0c1a231b-74aa-48d5-ba2d-5cc260da5dda/
SH256 hash:
c32d4082937795cf3c95c4a637b1193af5081f8f6056edcee752a6004c4edcec
MD5 hash:
8a75298727c5de6dba8a33f8176dfdaa
SHA1 hash:
7968b56685c2a84d4848f8d22cec7dcb43cc11cc
Link:
https://www.unpac.me/results/0c1a231b-74aa-48d5-ba2d-5cc260da5dda/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/c32d40829377/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c32d4082937795cf3c95c4a637b1193af5081f8f6056edcee752a6004c4edcec

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe c32d4082937795cf3c95c4a637b1193af5081f8f6056edcee752a6004c4edcec

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2888717/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2874925/
  
URLhaus
https://urlhaus.abuse.ch/url/2888754/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
CHECK_NXMissing Non-Executable Memory Protectioncritical

Comments