MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 db78805d0267b4c28d933f9ed363ae4fa2019aeb7f219a80286cf9be117172d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: db78805d0267b4c28d933f9ed363ae4fa2019aeb7f219a80286cf9be117172d3
SHA3-384 hash: 29b67836deeb34003b020a69ad46e4271013ab2269039d67803e58e400f3b09397d4fe075819c528844c30940fd41dd9
SHA1 hash: 5a8ad33e3f410af042d882fd979c95fd27129f0a
MD5 hash: d7b23bcb14cec70d6b816a67b2366748
humanhash: july-video-music-seven
File name:SecuriteInfo.com.Variant.Tedy.216835.24786.9433
Download: download sample
File size:9'621'668 bytes
First seen:2022-11-10 12:52:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0bbecc8e9f9f17b0ea9cc3899b15e5cf (1 x RedLineStealer, 1 x CortaBot, 1 x CobaltStrike)
ssdeep 196608:Wd4EdkmEbGXV7ICteEroXxoczlxZV3Gu5D4S26/CS37Hwvd+W0T0fv6y8QSrgeG:04DmEWInEroXF14S26bQF+WhfJ8/G
Threatray 58 similar samples on MalwareBazaar
TLSH T1DBA633E46BB42CF6E4664073A828E43CE1F3FC108790D46F5B6AE6091D6B6E13D76E05
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon 00414f4f4f4f4700 (14 x CoinMiner, 12 x RedLineStealer, 12 x NodeLoader)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
169
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Variant.Tedy.216835.24786.9433
Verdict:
No threats detected
Analysis date:
2022-11-10 12:52:55 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4c0f8e37-af67-4571-b161-f080cd3e7411

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/331929/
Detection(s):
SecuriteInfo.com.Variant.Tedy.216835.24786.9433.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
DNS request
Sending a custom TCP request
Searching for the window
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/50933/overview
Behaviour
MalwareBazaar
MeasuringTime
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
compromised greyware overlay packed
Link:
https://www.filescan.io/uploads/636cf4307662ecf10839901d/reports/68253ae5-f71b-4b1b-b61a-81110c7bb72d/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/acc25e98-4e23-49d8-9384-a3168d7258a9
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1110384
Signature
Multi AV Scanner detection for submitted file
Potentially malicious time measurement code found
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/db78805d0267b4c28d933f9ed363ae4fa2019aeb7f219a80286cf9be117172d3/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3n4iaxicm62mfdmth6pngy5oj6radgxlp4qzvabint434elroljq._file
Verdict:
malicious
Similar samples:
04a31ae8a31bb4144d7392040442f4a38e8301cc550124cc47d012a0eba71bdd
3b0627313c0c8731f0b7250bae43fe2df57bd8b05f06017222de8edd91d22c90
414d8e74cdb96fe1e8742018494be41cdebd5c11804a30a7876a5bcd7bf01764
476a05d5c8ef4444f96cbd02c3a315c56227b7510f75e82249a449bb79e977fc
4b56d8713523dea09695ec6beef98608c234e5f8a9be77be931a687c080fb0f1
6e86ad43d7677a7d9a81ac9dd17df97703dfb49ee4456601b4fa2edd518ce0e5
8befc91b605e2dd3ee8917f6e4b2ab943ec7900d257b704955c2defc0328b4d8
af828a7abf4cb31d7e12b5a2e45e99e5009f3c9f5cefe0760fa0ab880f642794
f976cfadb68d079d3190bb3b256e6a5e216f1d33ef0cfb4bd0639c062be690e9
+ 48 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
pyinstaller
Link:
https://tria.ge/reports/221110-p4l89saaa5/
Behaviour
Suspicious use of WriteProcessMemory
Loads dropped DLL
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/33402700-152e-4588-9219-71e36898311c
Unpacked files
SH256 hash:
db78805d0267b4c28d933f9ed363ae4fa2019aeb7f219a80286cf9be117172d3
MD5 hash:
d7b23bcb14cec70d6b816a67b2366748
SHA1 hash:
5a8ad33e3f410af042d882fd979c95fd27129f0a
Link:
https://www.unpac.me/results/9bd91cbc-e9f3-48db-8946-433fac72fd9c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.56
Link:
https://yomi.yoroi.company/submissions/db78805d0267b4c28d933f9ed363ae4fa2019aeb7f219a80286cf9be117172d3

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:PyInstaller
Create hunting rule
Author:@bartblaze
Description:Identifies executable converted using PyInstaller.
Rule name:SUSP_NVIDIA_LAPSUS_Leak_Compromised_Cert_Mar22_1
Create hunting rule
Author:Florian Roth
Description:Detects a binary signed with the leaked NVIDIA certifcate and compiled after March 1st 2022
Reference:https://twitter.com/cyb3rops/status/1499514240008437762

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe db78805d0267b4c28d933f9ed363ae4fa2019aeb7f219a80286cf9be117172d3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2406739/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/331929/

Comments