MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d13638aae47515a92e77b96772eee6b221ff1e9055df95ad114d759d47ba5643. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d13638aae47515a92e77b96772eee6b221ff1e9055df95ad114d759d47ba5643
SHA3-384 hash: 481b647d613d356427789dab1c3f5edd81218a58a5dec7c4482527c60d127ced2724cb675c93b782260b937d00762357
SHA1 hash: 639fc044cc52565c4ecf91db489117a6c7bb78ca
MD5 hash: 6acc77d44ae7959fe4a9dd7aede2712e
humanhash: hamper-freddie-twelve-helium
File name:6acc77d44ae7959fe4a9dd7aede2712e.exe
Download: download sample
File size:395'264 bytes
First seen:2022-12-05 06:43:04 UTC
Last seen:2024-10-18 17:28:21 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 543c1dbc784050a59cb09bee0f6ead3c
ssdeep 12288:gSMSyHymbPOTZyTiwhkLkIznfFKCNn0WPV:gSwSmbQciwhIfLhz
Threatray 243 similar samples on MalwareBazaar
TLSH T1BF84220ABA28E853D8240C72D52BC39695346CB95E674E6F7614BFBF0F3448DC32749A
TrID 48.9% (.EXE) Win32 EXE PECompact compressed (v2.x) (59069/9/14)
34.4% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
5.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
3.7% (.EXE) Win32 Executable (generic) (4505/5/1)
2.4% (.MZP) WinArchiver Mountable compressed Archive (3000/1)
File icon (PE):PE icon
dhash icon 78d8fae6ccc6c4c0 (29 x Nitol)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
170
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
6acc77d44ae7959fe4a9dd7aede2712e.exe
Verdict:
No threats detected
Analysis date:
2022-12-05 06:46:35 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/7ec1172e-cf9e-405c-90d7-f8f566963a58

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/342749/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a window
Searching for synchronization primitives
Sending a custom TCP request
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Tags:
greyware packed shell32.dll
Link:
https://www.filescan.io/uploads/638d933355eb3470cd4fd469/reports/b399bc2f-4e89-46af-8a0b-5534afb0d8f1/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
KRBanker
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ddd0a271-089d-4297-bc2d-10ccf5ee7b5f
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1127756
Signature
Detected unpacking (changes PE section rights)
PE file has a writeable .text section
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d13638aae47515a92e77b96772eee6b221ff1e9055df95ad114d759d47ba5643/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-12-05 01:00:10 UTC
File Type:
PE (Exe)
Extracted files:
59
AV detection:
7 of 41 (17.07%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2e3drkxeouk2sltxxftxf3xgwiq76huqkxpzllirjv2z2r52kzbq._file
Verdict:
unknown
Similar samples:
2543ac05144ac1ec1bb2343b08d145c56b8603d5e00d30170d4fc57b15f1f7ce
555e46f781c185be727d34be3664c708f7f0c5334195c542894b11187551fb0a
8eb328c62600f7bfc8927f17edbebe5f2d556b305d1c872c155c468f67788ca5
9785703d9291d9947e6a79e831cf475afc26577d0b365685c4ab8b3c5f246d6c
98a511650351d4f72470d9c83a4ea479f9ba58a7ae181d8dff5ac29a1bda4977
9f11a8c899cebf82b33fb6e0b457081a4d9cbc8da214579ca3d71dced16c0471
c6aa7fc9c195d950bc5290cd4827019ee03a98938b6dee9f4e6101747fa69e72
c7a4610450b391e045dafc9aead744dfeaad2cf215caf58a0304edb190310efc
ddd3ee4728aa61fbbb285449383ddb12e62bb0da661d281f3d5deed805dfa497
df06c19f1ab56d40f6c4b70c37be024abaa997eb0d55223a14a946eb47cddc4c
+ 233 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/221205-hgxyxseb54/
Unpacked files
SH256 hash:
7281f3939c92cb20ed714734f8cbc844a71d312f79bb9503969a0bf42c36d301
MD5 hash:
b976ea137fd8607076d8bd6b7a561b83
SHA1 hash:
2ffd93c93cf9bf6f8a7c47df2a4e7fd1bf8b4f96
Link:
https://www.unpac.me/results/0ff2d593-f90d-4777-ba13-99b93d72a9e4/
SH256 hash:
d13638aae47515a92e77b96772eee6b221ff1e9055df95ad114d759d47ba5643
MD5 hash:
6acc77d44ae7959fe4a9dd7aede2712e
SHA1 hash:
639fc044cc52565c4ecf91db489117a6c7bb78ca
Link:
https://www.unpac.me/results/0ff2d593-f90d-4777-ba13-99b93d72a9e4/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/d13638aae47515a92e77b96772eee6b221ff1e9055df95ad114d759d47ba5643

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/342749/

Comments