MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb52743a2df6c4cf327ad9bd549f30c2623503807441be65b099b2cf362e08c9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	cb52743a2df6c4cf327ad9bd549f30c2623503807441be65b099b2cf362e08c9
SHA3-384 hash:	5c12d0daa54aedb97ec9fa2a90b87e05301618507d925d98b2b851065e899690bdd1f6e760975e9d6f58ec326c98f0c7
SHA1 hash:	b89d2beaf852adf13edf85b6c8a5b6ac9c8a91e6
MD5 hash:	10aa5d63252e45590ebcda48ca676a8f
humanhash:	april-beryllium-edward-mississippi
File name:	file
Download:	download sample
File size:	8'016'896 bytes
First seen:	2022-11-06 08:38:24 UTC
Last seen:	2022-11-06 13:57:52 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	61fb3a6e7ea9c6562713d38945a43b00
ssdeep	98304:igr2PIpJfpT8nFzpZomc3kMrzvtZecAbqTNVbwPGYWQ/y/xmSeO5Z5gNaI302VuL:igPhTUQmczzvtZecAbqMPuQsH5a3loJ
Threatray	88 similar samples on MalwareBazaar
TLSH	T12A868CC44BEC2E96EEC4557C5EC74FA49A5AA4CB90F6FF6CED5994002143AF2AFB0101
TrID	48.7% (.EXE) Win64 Executable (generic) (10523/12/4) 23.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 9.3% (.EXE) OS/2 Executable (generic) (2029/13) 9.2% (.EXE) Generic Win/DOS Executable (2002/3) 9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter	andretavare5
Tags:	exe

andretavare5

Sample downloaded from https://cdn.discordapp.com/attachments/1038538150269685841/1038561198112784494/FIXERROR.exe

Intelligence

File Origin

# of uploads :

147

# of downloads :

180

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

file

Verdict:

No threats detected

Analysis date:

2022-11-06 08:43:25 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/f3347afe-e076-41b4-a780-9d87e52449a4

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/329386/

Detection(s):

SecuriteInfo.com.Trojan.MulDrop21.4441.162.32390.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file

Сreating synchronization primitives

Creating a process from a recently created file

Sending a custom TCP request

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware packed shell32.dll

Link:

https://www.filescan.io/uploads/636772a83c6c57b4ec413b6c/reports/57987ee4-456e-44d5-a3f0-122da37306c0/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

ngrok-server

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/126550c8-01f1-463c-b0af-1f72d50a2a36

Result

Threat name:

Unknown

Detection:

malicious

Classification:

spyw

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1106513

Signature

Antivirus detection for dropped file

Multi AV Scanner detection for dropped file

Tries to harvest and steal browser information (history, passwords, etc)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/cb52743a2df6c4cf327ad9bd549f30c2623503807441be65b099b2cf362e08c9/

Threat name:

Win64.Trojan.Privateloader

Status:

Malicious

First seen:

2022-11-06 08:39:14 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

16 of 26 (61.54%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=znjhiorn63cm6mt23g6vjhzqyjrdka4aora34znqtgzm6nrobdeq._file

Verdict:

unknown

18d59c3f392ac4b2b47b6fd2f5a5e171f45084ad43830ec7eadd67d6c0f69a31

270ee2e5c9f28b36a54747a4ff3a23a758cd555334b6aed7b70d437b0b5db7cf

3648330cfd0c54f1e151467fbbcb87df9340deca638bf1a8b332e20915065728

3af3279ede125805a47682382304f6b76af4e7c34c2bfeaa198e0dc38f3ad1b6

79b2c383aa7f47ab2dc0e43f8a81cc0beb0587afa528c28d30450f7a3750dd8f

8ee34a2bd6c92d9bbeff8ae99add314d80b783c315d308bd520c3cc8a9d775a6

d254347248b6aaf1392ed03d97c4407109003c858d63edcca583e7020343fd31

+ 78 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

spyware stealer

Link:

https://tria.ge/reports/221106-kkac5seeel/

Behaviour

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/0fe868ed-d46e-4cbd-8114-68a4cef1d2b3

Unpacked files

SH256 hash:

cb52743a2df6c4cf327ad9bd549f30c2623503807441be65b099b2cf362e08c9

MD5 hash:

10aa5d63252e45590ebcda48ca676a8f

SHA1 hash:

b89d2beaf852adf13edf85b6c8a5b6ac9c8a91e6

Link:

https://www.unpac.me/results/113edc07-6257-4475-b50e-4bc55e4bc301/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/cb52743a2df6c4cf327ad9bd549f30c2623503807441be65b099b2cf362e08c9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by

PrivateLoader

Delivery method

Distributed via drive-by

Cape

https://www.capesandbox.com/analysis/329386/

URLhaus

https://urlhaus.abuse.ch/url/2402218/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample