MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cf718397572a0bec4bd3e8797c2d8cc377b35b2ac9aab18874781f1a038dfed0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cf718397572a0bec4bd3e8797c2d8cc377b35b2ac9aab18874781f1a038dfed0
SHA3-384 hash: c88a41d1d201f8fd89537db917166691772ae67987d9d5cef1a8c9bff65c0fa40d373776f270f73b4d2c3c80ab37dd3e
SHA1 hash: 64071505e174e891275dacd8b2c83db1239608a6
MD5 hash: 0d7b74ac6b9ac51f655b87b4fec25726
humanhash: december-blossom-violet-oven
File name:0d7b74ac6b9ac51f655b87b4fec25726.exe
Download: download sample
File size:532'480 bytes
First seen:2021-03-22 19:48:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 77d07a3517a2f6df158a835fd64bd491
ssdeep 12288:ZQ4D5INIgN5zeLOTEuIEnrJAzK9DV8v3R3BiE:3FAXzNAYJ/9S3d
Threatray 2 similar samples on MalwareBazaar
TLSH DDB42335A4EE4E17C457F13548A0AC7F61F8A499596CC83923862C33B3F96B72506BE3
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Trojan.Siggen12.47248.1366.23331
Verdict:
Malicious activity
Analysis date:
2021-03-22 06:47:57 UTC
Tags:
evasion loader trojan stealer vidar
Link:
https://app.any.run/tasks/a351a229-520a-420a-88e0-a52b4c1834a4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/126186/
Detection(s):
PUA.Win.Packer.Mpress-7
Create hunting rule

SecuriteInfo.com.Variant.Doina.91.10118.1272.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Reading critical registry keys
Creating a file in the Windows subdirectories
Deleting a recently created file
Replacing files
Sending a UDP request
Sending an HTTP GET request to an infection source
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Gathering data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/649081
Signature
Detected unpacking (changes PE section rights)
Drops PE files to the document folder of the user
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cf718397572a0bec4bd3e8797c2d8cc377b35b2ac9aab18874781f1a038dfed0/
Threat name:
Win32.Infostealer.Passteal
Create hunting rule
Status:
Malicious
First seen:
2021-03-22 07:54:08 UTC
AV detection:
30 of 48 (62.50%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
28f1bd1e02427a817d05c69884c5d5ccf3455859a2f1c3a6dce5e6da75141bcd
f69bdd82ca22268d090832707e37b1cae408ba96476843b55feedac11acc6277
Result
Malware family:
n/a
Score:
  7/10
Tags:
evasion spyware stealer trojan
Link:
https://tria.ge/reports/210322-ewtm7c2egj/
Behaviour
Suspicious use of AdjustPrivilegeToken
Checks whether UAC is enabled
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
0883d542732c41486a51560f91a838f5d958ff90ce52c93cb0ea50a0ee87bdf8
MD5 hash:
bef705375bfe9481676dce22fdfe8ddd
SHA1 hash:
408058a90547f020b4f84cfc81ec6783ebf3ec07
Link:
https://www.unpac.me/results/85def512-d06d-414b-b9f4-cc762ffd0606/
SH256 hash:
cf718397572a0bec4bd3e8797c2d8cc377b35b2ac9aab18874781f1a038dfed0
MD5 hash:
0d7b74ac6b9ac51f655b87b4fec25726
SHA1 hash:
64071505e174e891275dacd8b2c83db1239608a6
Link:
https://www.unpac.me/results/85def512-d06d-414b-b9f4-cc762ffd0606/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Glupteba
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cf718397572a0bec4bd3e8797c2d8cc377b35b2ac9aab18874781f1a038dfed0

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_EXE_Packed_MPress
Create hunting rule
Author:ditekSHen
Description:Detects executables built or packed with MPress PE compressor
Rule name:suspicious_packer_section
Create hunting rule
Author:@j0sm1
Description:The packer/protector section names/keywords
Reference:http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe cf718397572a0bec4bd3e8797c2d8cc377b35b2ac9aab18874781f1a038dfed0

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1083185/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/126186/

Comments