MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c342cbe24376b92336018b86c2de1ad6b50e21782373318ab3f93f8dabb8e126. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	c342cbe24376b92336018b86c2de1ad6b50e21782373318ab3f93f8dabb8e126
SHA3-384 hash:	99c14fd836bf3afd308b4b6a3ce697872246d56919929fcb29705d530f83763b46c21d7770f1b8b565eee39ef9bba00e
SHA1 hash:	b4348ee9165ef1de18d2f32cf763ee3f2bfbc7d1
MD5 hash:	9718f985a113ce7f1762ee1c7ff47004
humanhash:	april-vegan-arkansas-connecticut
File name:	file
Download:	download sample
File size:	5'341'184 bytes
First seen:	2022-10-10 09:07:49 UTC
Last seen:	2022-10-14 11:51:31 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep	98304:gJKaxsKZxvAflWOUO60NhUPtA1rACTXWwKx9DFSv0DsN72MHhHGd8zre32:gkOx0l/FzmA1rACTlgF/QcKhmy/
Threatray	32 similar samples on MalwareBazaar
TLSH	T136363359F22CD858F1E407359A1E466C9B775C0E32812C6D4879C3E3E838BF86AD7279
TrID	64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12) 25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6) 4.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.8% (.EXE) OS/2 Executable (generic) (2029/13) 1.8% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter	andretavare5
Tags:	exe

andretavare5

Sample downloaded from https://vk.com/doc735662571_648194660?hash=U3SpP0NNMRWylNjy3M5mpyaBXJNQUN6ZLX3dPWwfA08&dl=G4ZTKNRWGI2TOMI:1665333575:h17HqOG8GbeuLz8gawM8FvontlucbaKmt8SdRGAKzrX&api=1&no_preview=1#vb1403

Intelligence

File Origin

# of uploads :

# of downloads :

229

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/318287/

Result

Verdict:

Suspicious

Maliciousness:

Behaviour

Searching for the window

Creating a file in the system32 subdirectories

Creating a file

Launching a process

Creating a process with a hidden window

Using the Windows Management Instrumentation requests

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-debug packed

Link:

https://www.filescan.io/uploads/6343e0f47a6f3f03619d9b44/reports/2a5fcc79-fd20-493f-a99f-b518df63ef02/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/73ea1780-3e2b-4d1a-8a51-64f823066fdf

Result

Threat name:

Unknown

Detection:

malicious

Classification:

spyw.evad

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/1087434

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Tries to harvest and steal browser information (history, passwords, etc)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c342cbe24376b92336018b86c2de1ad6b50e21782373318ab3f93f8dabb8e126/

Threat name:

Win64.Infostealer.BroPass

Status:

Malicious

First seen:

2022-10-10 09:08:28 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

16 of 26 (61.54%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ynbmxysdo24sgnqbrodmfxq2222q4ilyenztdcvt7e7y3k5y4eta._file

Verdict:

unknown

5bf3189b7d260930bbcaff2c228e948195d774d2542a6fe0a865a7e5b8b07c63

5d72a8ffcefedd15f16a8ac752b0e09fef6d9359c0019fa1627be76581358152

6375c2e53e3dc7c6bfb8a0c0b83f8e3c7490d1067804479e991dfcd2c900ece8

74a0e4140ca9299aa29f32313740e66821324c97b2ec860fc7945ec0e6775a7c

774fa8863d2cb1747c338ef9023103d535715b30b6d5450a9ee146663d77c89b

7fa5971fde4364c32e47c5a8e6b189fc214ffd019077f30c14fbfb4e240909e1

b5ff5a9c19554d5531b7287615ce45e622ffc8d12b6c8d3f15e6c023e94bd452

cc81b5085ea098d0d117dfe38aa46b5513f66d34c23454c964cdd3f0864967e7

d06077790fb260d6c3ed4af601b5322446d2a0621eb8edf14af8438dc2c02a63

+ 22 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

spyware stealer upx

Link:

https://tria.ge/reports/221010-k3wdbsbeal/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Reads user/profile data of web browsers

UPX packed file

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/952d284d-83f0-46b1-9629-366a4869b2c2

Unpacked files

SH256 hash:

85f9c7bee661c4009ce2fcb79f61d71b575244b1fd428b6357871605659e3ec9

MD5 hash:

73f282ea4a17dd9a005640b4cd6664b2

SHA1 hash:

17a16c0d56ca48a47adf9bbe1af2eaf996c71e57

Link:

https://www.unpac.me/results/e3457d3b-1566-4eb9-9add-55e9b2c42993/

SH256 hash:

c342cbe24376b92336018b86c2de1ad6b50e21782373318ab3f93f8dabb8e126

MD5 hash:

9718f985a113ce7f1762ee1c7ff47004

SHA1 hash:

b4348ee9165ef1de18d2f32cf763ee3f2bfbc7d1

Link:

https://www.unpac.me/results/e3457d3b-1566-4eb9-9add-55e9b2c42993/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/c342cbe24376b92336018b86c2de1ad6b50e21782373318ab3f93f8dabb8e126

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by

PrivateLoader

Delivery method

Distributed via drive-by

Cape

https://www.capesandbox.com/analysis/318287/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample