MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d065371666a12d348c13b0c3eb55f502210e2a2e45b0822dc586b69e2e3988fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d065371666a12d348c13b0c3eb55f502210e2a2e45b0822dc586b69e2e3988fd
SHA3-384 hash: bde0ed33ad5e66b277746cb6c2bd4a1b1d3d53717d08ac03884e064a34192f564ed9e57a6c833e2259cf14f96c786c89
SHA1 hash: 58fc4543a48c0c8a265c13de63ab9c455d5273c2
MD5 hash: 6c4907c320cd82e3aa92da8449e2436f
humanhash: florida-orange-kilo-arkansas
File name:main.exe
Download: download sample
File size:1'157'301 bytes
First seen:2022-06-05 23:44:56 UTC
Last seen:2022-06-06 00:30:42 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0bbecc8e9f9f17b0ea9cc3899b15e5cf (1 x RedLineStealer, 1 x CortaBot, 1 x CobaltStrike)
ssdeep 24576:JaLAYN5O78GoovdnWfD/9d8YuJgCEK+pAFYDiF++gH:J+s8IvdWfD9d8YuJ47pAqDiF+n
Threatray 168 similar samples on MalwareBazaar
TLSH T1F635125463A00CF9FCB2523D8842D515DA71BC221720E69F07E49B7B6F232A26D7FB64
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon aebc385c4ce0e8f8 (10 x PythonStealer, 7 x RedLineStealer, 7 x DCRat)
Reporter Anonymous
Tags:exe Python


Avatar
Anonymous
A "file organizer", but with some suspicious activity.

Intelligence

File Origin
# of uploads :
2
# of downloads :
415
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
main.zip
Verdict:
Malicious activity
Analysis date:
2022-06-05 22:59:53 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/d713eef7-b094-4475-afdd-6ac557e19706

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/276855/
Detection(s):
SecuriteInfo.com.Backdoor.Cobalt.Win32.218.19654.28490.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching a process
Searching for the window
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
cobalt expand.exe greyware overlay packed
Link:
https://www.filescan.io/uploads/629d400abea023f99d874214/reports/107523f9-8a27-468e-8370-d20b6ed3b857/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/740047d3-eec4-41b6-8420-d68ce4e826f4
Result
Threat name:
Unknown
Detection:
clean
Classification:
n/a
Score:
5 / 100
Link:
https://www.joesandbox.com/analysis/1007032
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d065371666a12d348c13b0c3eb55f502210e2a2e45b0822dc586b69e2e3988fd/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2bstoftguewtjdatwdb6wvpvaiqq4kroiwyielofq23j4lrzrd6q._file
Verdict:
unknown
Similar samples:
04a31ae8a31bb4144d7392040442f4a38e8301cc550124cc47d012a0eba71bdd
0df6eca30071051714c4d1b5bd16e11feb7a76ab208c907771d0dd470d91ab07
329d77b0ab5af0e568b9d56e3c3f7afc4266bf2cea0bd816ed4e67d4c9a09692
33f1a042ec0acd54bb8d13aa14215a5039c8dc95188df1685d36f35a9ca5ee0a
3d0ca4604a0effdd7d12700991d223fc96ea02b49531fcea2e4e4d3db521e9b2
558607b112f50fbc472d9d72f0d5179b931a461aa473274badd4e064ee432f2a
8eeb37060519ca06889e09113bb423bfbe8c2e16c93fa5b75d82397f8cf58012
a07afb3f48c05bc311adc6a9473310e6b35e14f14920e543ee8ca032a0af637f
cd55506ba70b766f436a1dd02dcedb800dc5eeab058de438a2da134e4ec9d466
cdd0d34714297037b5be052585421821a6c30d48866394ea0bb8c1a7f29a9195
+ 158 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
pyinstaller
Link:
https://tria.ge/reports/220605-3rperahfaj/
Unpacked files
SH256 hash:
d065371666a12d348c13b0c3eb55f502210e2a2e45b0822dc586b69e2e3988fd
MD5 hash:
6c4907c320cd82e3aa92da8449e2436f
SHA1 hash:
58fc4543a48c0c8a265c13de63ab9c455d5273c2
Link:
https://www.unpac.me/results/e2a3abf3-ea1a-4c26-a253-0dc4b451d027/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d065371666a12d348c13b0c3eb55f502210e2a2e45b0822dc586b69e2e3988fd

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:PyInstaller
Create hunting rule
Author:@bartblaze
Description:Identifies executable converted using PyInstaller.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe d065371666a12d348c13b0c3eb55f502210e2a2e45b0822dc586b69e2e3988fd

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/276855/

Comments