MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cbef9f75a09b4a90f5fe320f79ffbf7255c884f6f9da7afa04e8410dc5271a21. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cbef9f75a09b4a90f5fe320f79ffbf7255c884f6f9da7afa04e8410dc5271a21
SHA3-384 hash: 899006d52db0c2063151e99f15cc812498be3f58eb7f5b74a89926f5fc640b659c55a6d674dec9c8a1c1c29174b525a2
SHA1 hash: 93dfce0c05e8c99a61cb41aff2554836d441cc2a
MD5 hash: f4ec121495cdcb40eec3b7e2b9c1d8fa
humanhash: dakota-louisiana-four-lima
File name:viewprintersettings.exe
Download: download sample
File size:392'192 bytes
First seen:2020-07-17 20:50:44 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 3072:Md1NE5ahgzz+Kla9rbe73iyNPH04BhjsFCOj2HTW2Gk8nXTBfaZWlPqOM5yEIhp:Md02gzzE9o08hE2HTAnXTByZfD5
Threatray 17 similar samples on MalwareBazaar
TLSH FD84513B9DD07331FC3B957D9C50AE1DB9982D10382B5827F2CCB54A273BBA5B218199
Reporter James_inthe_box
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/27568/
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/389210
Signature
Contains functionality to steal Chrome passwords or cookies
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cbef9f75a09b4a90f5fe320f79ffbf7255c884f6f9da7afa04e8410dc5271a21/
Threat name:
Win32.Infostealer.Lvsteal
Create hunting rule
Status:
Malicious
First seen:
2020-07-17 20:50:28 UTC
File Type:
PE (Exe)
Extracted files:
18
AV detection:
32 of 48 (66.67%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
071c9ef8d382452d6bcaa4a46eeb4a0e71562097201d228caf15229fd2b68ac9
0f1f333f34d4ab91907ca6a0ad8d3360d5324623e9c885ab228127bce34932e5
3b6888d30e34ab5f977345c962d76f352483f6138a89079061839af1f553ca18
48b9908bc98ae2903ee34167224b402fe5eb3a6c9b853ab17e728de52e2639a0
b419388d90afae438580cfb282413b38b0aa9b219c61ec2291c4a76f2e696f39
e162d29d0ba895e3ea7d75000c41c843225c7d29147b323ed9a72f4de3c1f6f0
e33dc5d4a3a46732206a4c01614a366e7bbf226942805cfefa1df3cf91326f13
e76dbde4aabc5707baa53641e9fca2eba239b0a6e9339e12627f2c767d435279
f309d3820c2f40109825f3ebf2e00f84f0eb8d97e3b78cc74e751b69ba738435
fde7c52c166cd76fea454bbb539e7eba9ce704f5b442534bf5c4163213215426
+ 7 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200717-f43j8zm5aa/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cbef9f75a09b4a90f5fe320f79ffbf7255c884f6f9da7afa04e8410dc5271a21

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_unidentified_030_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/27568/

Comments