MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d13edbb9da20126b75fd6f0d3c402fddcafdca90f81fd875b96a88c0028c431d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d13edbb9da20126b75fd6f0d3c402fddcafdca90f81fd875b96a88c0028c431d
SHA3-384 hash: 7348d7818ea094ed9a5d4220b34be3b8f3760f4f794c0c5ac831086bfab6717c8083632234629e0c6187eb953c1fe66e
SHA1 hash: 40d797cae37ff9d910a54b5ef86b5c3bd5d936c6
MD5 hash: c62c13ad258b2bf04c3c99e7ee1da90b
humanhash: autumn-indigo-coffee-football
File name:c62c13ad258b2bf04c3c99e7ee1da90b.exe
Download: download sample
File size:1'983'946 bytes
First seen:2022-02-08 01:46:30 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9d1f0da408c33eebb70b9bfa17b7fddc (4 x njrat, 1 x Jadtre)
ssdeep 49152:toX3yq8XDY2Td2l+xysLqmiuUyKFAMkq9xraNSNzH+:toHyq6d2UlcAcTrIS1e
Threatray 296 similar samples on MalwareBazaar
TLSH T1CF95230177D5E073C1135531480A8BB2B63CF5756A6242867BC5AF387E36AAAC73BB07
File icon (PE):PE icon
dhash icon cdabae6fe6e7eaec (20 x Amadey, 9 x AurotunStealer, 8 x CoinMiner)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
139
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/237384/
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Coinminer.tc.19014.30128.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Searching for the window
Сreating synchronization primitives
Searching for synchronization primitives
Creating a file
DNS request
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/6312/overview
Behaviour
MalwareBazaar
CPUID_Instruction
MeasuringTime
SystemUptime
EvasionGetTickCount
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware overlay packed setupapi.dll shdocvw.dll shell32.dll update.exe
Link:
https://www.filescan.io/uploads/6201cb9d845a69d7734be1e7/reports/b0be3a13-0c5a-40ab-99f7-d689e30e5387/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/35c366da-b05d-4338-9d66-b0ca1d548cae
Result
Threat name:
Unknown
Detection:
clean
Classification:
n/a
Score:
6 / 100
Link:
https://www.joesandbox.com/analysis/935680
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d13edbb9da20126b75fd6f0d3c402fddcafdca90f81fd875b96a88c0028c431d/
Verdict:
unknown
Similar samples:
09f671389b1751b349057fbb454c9a8263e95fbb8af54f47a016abad4a925472
2534eecca5ed157444298473d7c9c82d9def5b0a93ac581b75dede2f1a0c0a56
3494fdebd477fb45b537334f415f6e7b56ad7aa2764f80472ee7cb705d30eb65
4d4b219a3788d8e40bd7083d421e3d7d399a065bd53afb6e74d3fb7ab2bc09bd
7097b016e2aead3d213343e1de7332fddc4d83e2e8c2f8329460738cb2dbea4d
79ffbaa84a7808f62c8d2453e7e7ad96312da7e7b2e0b62c02d38f4de75eb3ca
7e7fd605de6d3d6aa4dc413baa57e8045470e809cf5fd61b80b4b3c51ee39ce9
8b366eb1d6c2c558154131e350708add274315d91733f89a29d8306f53c4d09c
9e2bea46ed015f98e1fb7591e83f1cac52c51f5e3f004cc6a57c508dcef134e0
+ 286 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  4/10
Tags:
n/a
Link:
https://tria.ge/reports/220208-b7kyqabha5/
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious behavior: GetForegroundWindowSpam
Drops file in Windows directory
Unpacked files
SH256 hash:
d13edbb9da20126b75fd6f0d3c402fddcafdca90f81fd875b96a88c0028c431d
MD5 hash:
c62c13ad258b2bf04c3c99e7ee1da90b
SHA1 hash:
40d797cae37ff9d910a54b5ef86b5c3bd5d936c6
Link:
https://www.unpac.me/results/c791407d-9bf1-4c7e-b47d-83ebf984f181/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe d13edbb9da20126b75fd6f0d3c402fddcafdca90f81fd875b96a88c0028c431d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/665593/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/237384/

Comments