MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d7322d2705ab994d8769ca74cb6e109018d07afd764393ad89354d8ee98da914. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RustyStealer


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d7322d2705ab994d8769ca74cb6e109018d07afd764393ad89354d8ee98da914
SHA3-384 hash: 833f381ad889797415538804659b51d4bc5f5104c2261a1909529f4767bd4287df74fb1bf97f4afc3290c54e932405f0
SHA1 hash: 35ab0cafa4dd57f552276b05d86e74dfe112f4ba
MD5 hash: 02b8cb8730c406478b6dc0443e3fa25a
humanhash: muppet-lake-fillet-oranges
File name:02b8cb8730c406478b6dc0443e3fa25a
Download: download sample
Signature RustyStealer
Create hunting rule
File size:386'048 bytes
First seen:2021-11-11 01:32:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 25b968091be59d259f0897499d7c418f (1 x RustyStealer)
ssdeep 6144:+PhXAdE12Fxdv/Fp+SetZ7U63wNIuS1RjcyJMpwjblZmN2tvgWxOV5/KDlT3bn5V:+1AdE12FDFkj0pwjbeUtvgOO
Threatray 2 similar samples on MalwareBazaar
TLSH T154844B07F29150E8D02AD47483576532FA717C498722BEEB27E46A312E71FD0AB3DB49
Reporter zbetcheckin
Tags:exe RustyStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
171
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/204894/
Detection(s):
Win.Dropper.ClipBanker-9906314-0
Create hunting rule

Win.Dropper.ClipBanker-9906315-0
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug monero
Link:
https://www.filescan.io/uploads/618c7298a00afa9663a3826d/reports/398d1b07-c3ed-405d-a6b9-b4b7eea34cfb/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/510a9134-6a5c-44a0-8ea3-2b9a302cce64
Result
Threat name:
MicroClip
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/887210
Signature
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected MicroClip
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d7322d2705ab994d8769ca74cb6e109018d07afd764393ad89354d8ee98da914/
Threat name:
Win64.Infostealer.ClipBanker
Create hunting rule
Status:
Malicious
First seen:
2021-11-06 20:13:11 UTC
AV detection:
17 of 28 (60.71%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
dc050b963c642e86bf74da5e85fbfcb0b3c12bd692808bf8ae12a36f4bcf3c84
RustyStealer
fca3a8527a1f895a5aa06d5cec9ba6be6644ae8ba144a0f3be590f4c4e761cfe
RustyStealer
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/211111-bxzn5aaef2/
Behaviour
Suspicious use of AdjustPrivilegeToken
Drops startup file
Unpacked files
SH256 hash:
d7322d2705ab994d8769ca74cb6e109018d07afd764393ad89354d8ee98da914
MD5 hash:
02b8cb8730c406478b6dc0443e3fa25a
SHA1 hash:
35ab0cafa4dd57f552276b05d86e74dfe112f4ba
Link:
https://www.unpac.me/results/8c58a8b5-3089-4e2c-b2e1-0f2cd5ed2b30/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d7322d2705ab994d8769ca74cb6e109018d07afd764393ad89354d8ee98da914

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Rustyloader_mem_loose
Create hunting rule
Author:James_inthe_box
Description:Corroded buerloader
Reference:https://app.any.run/tasks/83064edd-c7eb-4558-85e8-621db72b2a24

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RustyStealer

Executable exe d7322d2705ab994d8769ca74cb6e109018d07afd764393ad89354d8ee98da914

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1775141/
Cape
Cape
https://www.capesandbox.com/analysis/204894/

Comments


Avatar
zbet commented on 2021-11-11 01:32:06 UTC

url : hxxp://antivirf.ru/System.exe