MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb1fcb3a3d30ed68e82b6b2a3499c4d07cf4c73ea4f67ad4b25484e066181459. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Stealc

Vendor detections: 14

SHA256 hash: cb1fcb3a3d30ed68e82b6b2a3499c4d07cf4c73ea4f67ad4b25484e066181459
SHA3-384 hash: adf9d38bfd2df2f968094f877e65e7bf7ba50e56f04bb072eae5bc54dd6597b7b33ca505fdc9abd814cc3d410c1c4291
SHA1 hash: 5c77adc3889ad2a1ed51408eb19350f2e07b5307
MD5 hash: 23cdd6f44afe315e8e758065fc4ee65c
humanhash: pasta-eight-mississippi-pluto
File name: cb1fcb3a3d30ed68e82b6b2a3499c4d07cf4c73ea4f67.exe
Download: download sample
Signature: Stealc
File size: 11'525'337 bytes
First seen: 2024-07-30 17:45:23 UTC
Last seen: 2024-07-30 18:27:24 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 319b1edcc4538be377f43066c635ffef (8 x RedLineStealer, 2 x njrat, 2 x 44CaliberStealer)
ssdeep: 196608:ygrB8l5PU2LUVNq0vQZ8xnyKE0BEWsgXqyQG9D5x92x9oT02V9doLTmu/9O1:TN8l5PU2L8vQZSyKHyWsgXqydlpfT027
TLSH: T138C63372B6C18AB0E42A173B1EF1D92DE43E7D265728959327C04A3D8D615C68F1CBF2
TrID: 91.0% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39)
      3.6% (.EXE) Win64 Executable (generic) (10523/12/4)
      1.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
      1.5% (.EXE) Win32 Executable (generic) (4504/4/1)
      0.6% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE): PE icon
dhash icon: 9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter: abuse_ch
Tags: exe Stealc


abuse_ch
Stealc C2:
http://45.156.25.217/587ec30955d49a9c.php

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC | ThreatFox Reference
http://45.156.25.217/587ec30955d49a9c.php | https://threatfox.abuse.ch/ioc/1305126/

Intelligence


File Origin
# of uploads: 2
# of downloads: 455
Origin country: NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
cb1fcb3a3d30ed68e82b6b2a3499c4d07cf4c73ea4f67.exe
Verdict:
Malicious activity
Analysis date:
2024-07-30 17:47:12 UTC
Tags:
stealer stealc

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
99.1%
Tags:
Generic Infostealer Network Stealth Wacatac
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Searching for the window
Creating synchronization primitives
Searching for synchronization primitives
Creating a file
Creating a process from a recently created file
Launching a process
Connection attempt
Sending an HTTP GET request
Running batch commands
Creating a process with a hidden window
Unauthorized injection to a system process
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Go Injector, Stealc, Vidar
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Signature
AI detected suspicious sample
Allocates memory in foreign processes
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Drops PE files to the user root directory
Found evasive API chain (may stop execution after checking locale)
Found malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Searches for specific processes (likely to inject)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Go Injector
Yara detected Powershell download and execute
Yara detected Stealc
Yara detected Vidar stealer
Behaviour
Behavior Graph:
Behavior Graph ID: 1484913
Sample: cb1fcb3a3d30ed68e82b6b2a349...
Startdate: 30/07/2024
Architecture: WINDOWS
Score: 100
Top-level signatures: Found malware configuration; Antivirus detection for URL or domain; Multi AV Scanner detection for submitted file; 8 other signatures

Process: cb1fcb3a3d30ed68e82b6b2a3499c4d07cf4c73ea4f67.exe (started)
    Dropped files: C:\Users\user\PDFUnshare\vcruntime140.dll (PE32); C:\Users\user\PDFUnshare\libwebp.dll (PE32+); C:\Users\user\PDFUnshare\icofx2.dll (PE32); 37 other files (36 malicious)
    Signatures: Drops PE files to the user root directory
    Child process: PDFUnshare.exe (started)
        Signatures: Multi AV Scanner detection for dropped file; Writes to foreign memory regions; Allocates memory in foreign processes; Injects a PE file into a foreign processes
        Child process: BitLockerToGo.exe (started)
            Network: 45.156.25.217, ports 49711, 80, CLOUDBACKBONERU, Russian Federation
            Dropped files: C:\Users\user\AppData\...\vcruntime140[1].dll (PE32); C:\Users\user\AppData\...\softokn3[1].dll (PE32); C:\Users\user\AppData\Local\...\nss3[1].dll (PE32); 9 other files (none is malicious)
            Signatures: Tries to steal Mail credentials (via file / registry access); Found many strings related to Crypto-Wallets (likely being stolen); Tries to harvest and steal ftp login credentials; 5 other signatures
Threat name:
Win32.Trojan.Stealerc
Status:
Malicious
First seen:
2024-07-27 00:49:26 UTC
File Type:
PE (Exe)
Extracted files:
789
AV detection:
18 of 22 (81.82%)
Threat level:
  5/5
Verdict:
malicious
Result
Malware family:
Score:
  10/10
Tags:
family:stealc botnet:n4 discovery stealer
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Stealc
Malware Config
C2 Extraction:
http://45.156.25.217
Unpacked files
SHA256 hash: f9b4944d3a5536a6f8b4d5db17d903988a3518b22fbee6e3f6019aaf44189b3d
MD5 hash: 956d826f03d88c0b5482002bb7a83412
SHA1 hash: 560658185c225d1bd274b6a18372fd7de5f336af
SHA256 hash: f9129405399c34591641be31670956d22d5fde9a34a57028ea8f7d27b11b0506
MD5 hash: 06480757ae78a219001d564010c767fe
SHA1 hash: 7aa3fd8f5f85980c14d5d79e82ed4e0102bbbe70
SHA256 hash: f863f67cac2d16e63161eb8af910758078a8ed93a11029f5d6e82fd1c4081d93
MD5 hash: 8bc72509738230221124fcf9fba465b3
SHA1 hash: d4ae1f7d34284a23ddca26de914fe2efd76873ea
SHA256 hash: eaeee5686d4fc0925fd3fc1328e6fcc84acea553d82ccb49970488b64daf47ca
MD5 hash: 6fbebc95a8b2bfa01498c18a1eb71598
SHA1 hash: 349a978d91f6b353c5b6bdcacd951c20ae52b1e6
SHA256 hash: dc2ea86d62a09428268f88321b369252dc2ab963358a061493a433b0bd4702af
MD5 hash: 214ab37806209275089bdcca9c63ccea
SHA1 hash: c7eda68f4af97366ab68db46fa8920cd41e61e9a
SHA256 hash: dc0588558c9b9956ce682b12ad56bd2e6969b363516cfc8071ecd18f4304b79c
MD5 hash: 641c82ee007017aae7a3d728d74ba22d
SHA1 hash: b06cd30fe167a2fbaae980a402b5012b9a1bf48d
SHA256 hash: d497a33cce0752d80141c0b33d9ee31ffd73a1504e224147f0a8455e4f187b74
MD5 hash: ad8db63a9337e7f0b60d790f43dd9950
SHA1 hash: 9377f06ec46f74d96d787042e62e420e04ecb2b7
SHA256 hash: cc28b2263add4142bb805e62fb7882a8ab5c2dd109d637866219a1ba802b9a6a
MD5 hash: 6e6ccc072d6528835fcd264fadec1e5d
SHA1 hash: 0e8571534a5879ea422eadc8d62c9aca35a8924b
SHA256 hash: b65667d48d82556153089b1eb4f70160417504d09d9565682160558392bd90ee
MD5 hash: aa37a68fe9233730dc8c839855e57d70
SHA1 hash: ee3566e6e84f96e2f81334a96757f35c92365c6a
SHA256 hash: b397d4b46064b50e495c1179996dc7e454a26286a749e477447e9d8bad191115
MD5 hash: 12ec71cac224100c3ee533e395caab70
SHA1 hash: 772361eb98121d78a3b0311c0b5dfe6349446717
SHA256 hash: abdbdf43fc7f931f4ebe488feebd0d72b37dc558c116eb52e357e320824cdead
MD5 hash: 04296852636c6f6acfb02e0be3b6d9f6
SHA1 hash: 6aa32e0e214b3f780bb063edb681eecc590aefa7
SHA256 hash: a6e9360916b442958909132eea2456c2057d93c8a1437e6e74e60551cb966528
MD5 hash: 68b4d860b06596f6cec3d712d220a087
SHA1 hash: 46c956d4f5c9bd84b0093dafedf114d6c8223034
SHA256 hash: a56fe737306be73ae70f96d6a560ecd7d77f9ba8c2168f1205ab1f4d22e10dfb
MD5 hash: 6aa4142d4f9d57d519898dd37535790d
SHA1 hash: 608ca373e440c7717eed6ca7f01f7b14501e772c
SHA256 hash: a3666b7f714eb663374982837a117b44329a4861623f313272d825ef90257d23
MD5 hash: 98bbebe35280dd5e20ae4fe4da3524e1
SHA1 hash: 6cee46c309cd11593783a6962708514bdc1f877c
SHA256 hash: 9fe18f751df355767822b1aa80c6cff99ca4069d11260836b1e8cc5ea92d815e
MD5 hash: c67a2d87b0348a8a824edd05f91dbdb5
SHA1 hash: c8fdac3ce7c10ddf6778db6fdfe82f911e2d20ed
SHA256 hash: 9ac4d4553840cabdeac60e9d1d3bde86390d5678a03434db23427b1b2b7c9167
MD5 hash: 2acf754f2d74040cc957846d4e382853
SHA1 hash: afb372388eb7ea73500cc500b78d902bee27e2db
SHA256 hash: 97a4b0abb6e07205849038701535dbc4decccb379b791e548055a351bce1ea0f
MD5 hash: 1826341609f091e0155e20f06aeefb05
SHA1 hash: a5e4c5ab96b271b170231dd77dd272c9560c2810
SHA256 hash: 94b0b503a87c0b9f4b4e14666c9771d939867634fd4832b041e5e0f54b080e1b
MD5 hash: 9ea95c0a09b40fdd8f51a892c4b6aa10
SHA1 hash: eadcfbfe9ca334ab8bbdb37ac82cae1d83d3f65d
SHA256 hash: 92d3c779b18d6d0e7fd2b3cf768016c8f344ecc9a6da82726cff956d26523a22
MD5 hash: b9ca13c1a8212684aed42507ea3f663b
SHA1 hash: 4c4968d550e28010797f0ce228ecbdb796f9aa43
SHA256 hash: 8f4fcc21cf0d892c877efead68b54febc0308a311d15803d70a1a5549da315f9
MD5 hash: 481005caf90aa2935b8f6f66063b4b6c
SHA1 hash: 915fdd31fcdc9cf01ea018997cae52811bad09f9
SHA256 hash: 85601d3e3622cb7b2546c3bf63ea1efb82e1140563c2c62b9ef877950d33f718
MD5 hash: 40733e79c58fd472e94fa28a3ca9459c
SHA1 hash: eaec6ff4e455c9dbcf166ccd25287af4b1a9bcd4
SHA256 hash: 83bde716ca0f4d93751913c7ad58a91b750b0a14d46d379fcef91eede0eb5296
MD5 hash: 7e46d09ec1d86ed8063e8452bd53ceb3
SHA1 hash: 1d141f580e7ca2b6e3884d61b3e2a1ebc01d7283
SHA256 hash: 830f5944282c8e19d8a118085a5f2d32c91a02c2865c67fe612ede588a815637
MD5 hash: fea3bce60300ec4d00e454bb452a938c
SHA1 hash: b6d84e4de35d51d2db4c464a0223cf32eb5d1b7e
SHA256 hash: 7a60b0801a7629e843f48dce14d5eb6e63f796bf252e92663209bd90b8d84b7d
MD5 hash: 98a59de5119039e9da865abe50fd1a18
SHA1 hash: c12bee47b199ee0aa0fc0eec8850e9c4d19f2104
SHA256 hash: 775de316802535c69daa5085351da5d6f11a71ec0d200b4fd31bd89cef523d21
MD5 hash: e42931b3fc7bc9805e1599ecfcf325a6
SHA1 hash: eaac146790f4ba71d2b4afc0cb88eb1c9ebfab7b
SHA256 hash: 77222e81cb7004e8c3e077aada02b555a3d38fb05b50c64afd36ca230a8fd5b9
MD5 hash: 4e35a902ca8ed1c3d4551b1a470c4655
SHA1 hash: ad9a9b5dbe810a6d7ea2c8430c32417d87c5930c
SHA256 hash: 736c1a16f7818d61e00fd84b9d4256701e0ab7a9bf6276cd86af431c6ba7b6a8
MD5 hash: 3ac4096ed9f70cca57a9f486e33e434c
SHA1 hash: a1b097ecc5817acdd44c2926d191b633d3afd40c
SHA256 hash: 65e1ac8aa03555ff4158f62d00fcc538064a9c037d6199a59f403b9e3ad820fd
MD5 hash: 05eb938b5890e3202a8e68f7b6fdc871
SHA1 hash: b1a03b5de0a88f5fe5b128c3f837e7423f34752b
SHA256 hash: 62ef98b00232f9d63a647e201abfb354582d3fbc342ec63df15b2a0ce514b5a6
MD5 hash: ce9564f1a1bb9d09693629dcfab40356
SHA1 hash: f29a70fb365cc6789ec60f9fae9478f36a809902
SHA256 hash: 5f421ab112ffb333801120f56fab51a582afda4a929fd4c425e7449c7bace673
MD5 hash: ca854516576b6735e1d325272041af48
SHA1 hash: 4560f77a9d83edf58d82a9f41ac7ed29b619ddc0
SHA256 hash: 409683c4192bfd403f01cb6938dc941e730a4d8088d7ad4f524b294bead57388
MD5 hash: 4790aa4a603baf92a3f9eb16cff9cf1a
SHA1 hash: 598e2757905e42af8063f021ab25c55f52c09fa2
SHA256 hash: 3b104a66d117fe5fa7479e1d9e1b241d903cd155e8bee493cbb678795db93054
MD5 hash: 55731fcf163876bded3452fa1afb4d43
SHA1 hash: 837f254767fc5766c0832f0fb4ee98e3c802a1fc
SHA256 hash: 364dfaf4e39cb44c091460ab19da1ce915a33f79df70257fa519333435c2cdcf
MD5 hash: 09b8a144227db71f66a64c16fb3089ad
SHA1 hash: c1c125bfd7207bf2612830ce65aef49900b1318f
SHA256 hash: 1f1d4b262dd1a4b53c4543b4dc172e38f75005214136597ad6e765b537a94d62
MD5 hash: 20ee4523c694abeb097e344c6dccf772
SHA1 hash: 0ce79e5b288b4f6cdbd1d7e747e71199cc019353
SHA256 hash: 1e0f8f7f13502f5cee17232e9bebca7b44dd6ec29f1842bb61033044c65b2bbf
MD5 hash: 31ce620cb32ac950d31e019e67efc638
SHA1 hash: eaf02a203bc11d593a1adb74c246f7a613e8ef09
SHA256 hash: 0b0a538434de3acb8c6ba7ffff1257a77f8ab10ab399ecb10db4206399e085b8
MD5 hash: 3b2a4e04f674c84f352e6ab8538e1f9a
SHA1 hash: 8db6707a8855c5e57a67f5764473566024103451
SHA256 hash: 055d1e9705008e2c3804bcba13c0c7ed93191985edb40e8b414fa866e937394f
MD5 hash: 2bf00df1ea193e67e4d4848dca066f71
SHA1 hash: 0b2767cb37d459c438ff290b07ee97552681bb41
SHA256 hash: 014e18ca3ca4b1b58da3861b65e1acb45e9e00dbecca2c4e27f74959aae48057
MD5 hash: f5c618e90a46aa8c7eedf4548b4fb18d
SHA1 hash: bee5cebd7a79449800bd76f2b1e0ffdcf6f8f4fe
SHA256 hash: 00a328a9ad29cc9ee827ba29f6ce531d10fcc5c16a86255e25955d8460c49d8e
MD5 hash: d96b2b489a4dd87368a1cf2861dba0c0
SHA1 hash: cbbcaf7dcb965b5a4edabb5f5165d8dacb38cfe1
SHA256 hash: cb1fcb3a3d30ed68e82b6b2a3499c4d07cf4c73ea4f67ad4b25484e066181459
MD5 hash: 23cdd6f44afe315e8e758065fc4ee65c
SHA1 hash: 5c77adc3889ad2a1ed51408eb19350f2e07b5307
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name: maldoc_find_kernel32_base_method_1
Author: Didier Stevens (https://DidierStevens.com)
Rule name: RIPEMD160_Constants
Author: phoul (@phoul)
Description: Look for RIPEMD-160 constants
Rule name: SHA1_Constants
Author: phoul (@phoul)
Description: Look for SHA1 constants

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high

Reviews
ID | Capabilities | Evidence
GDI_PLUS_API | Interfaces with Graphics | gdiplus.dll::GdiplusStartup
    gdiplus.dll::GdiplusShutdown
    gdiplus.dll::GdipAlloc
WIN32_PROCESS_API | Can Create Process and Threads | KERNEL32.dll::CloseHandle
WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess
    KERNEL32.dll::LoadLibraryW
    KERNEL32.dll::LoadLibraryExA
    KERNEL32.dll::LoadLibraryExW
    KERNEL32.dll::GetSystemInfo
    KERNEL32.dll::GetStartupInfoW
WIN_BASE_EXEC_API | Can Execute other programs | KERNEL32.dll::AllocConsole
    KERNEL32.dll::AttachConsole
    KERNEL32.dll::WriteConsoleW
    KERNEL32.dll::FreeConsole
    KERNEL32.dll::SetStdHandle
    KERNEL32.dll::GetConsoleMode
    KERNEL32.dll::GetConsoleCP
WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::CreateDirectoryW
    KERNEL32.dll::CreateFileW
    KERNEL32.dll::CreateFileMappingW
    KERNEL32.dll::DeleteFileW
    KERNEL32.dll::MoveFileW
    KERNEL32.dll::MoveFileExW

Comments