MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dbe10036d4c3b406a2396da6c87062803b44ff5fa3b29bc08222d818e5b99108. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dbe10036d4c3b406a2396da6c87062803b44ff5fa3b29bc08222d818e5b99108
SHA3-384 hash: e16a32d31eb48f646072c8cb82e93a7e2b3e3ae3037bfed124bc18d95f3b46f28eec4ad263045f3fd9f1d92551bcf0aa
SHA1 hash: 4972e2ede5f4eac8bba69691108074891d0cbdf8
MD5 hash: 2dedc3dfa09be884b673da3fc23b14be
humanhash: oven-artist-muppet-orange
File name:2dedc3dfa09be884b673da3fc23b14be.exe
Download: download sample
File size:157'696 bytes
First seen:2021-07-14 15:24:43 UTC
Last seen:2021-07-14 17:07:09 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e44fb8625920664349d927b39e5614c8 (1 x Downloader.Upatre)
ssdeep 3072:nz8qB8b+YWRzy5T9Ixj2Q5C2APy1LofKkcf1JcwQe9uJ21tWDF2:nz8Tb+JRzy5TYjB0PPy1LaXM16k9uk1T
Threatray 234 similar samples on MalwareBazaar
TLSH T14BF3294773E860F9E0B6973489B24645E7B67C7157718B8F0760366E2F336909E38B22
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
105
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
2dedc3dfa09be884b673da3fc23b14be.exe
Verdict:
No threats detected
Analysis date:
2021-07-14 15:29:38 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/80695124-4a29-4fe5-b0c9-42fe703ad43c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/171736/
Detection(s):
SecuriteInfo.com.Win64.TrojanDownloader.Agent.LA.15922.28029.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/dab3f8d7-8553-4c8c-81d5-3dad21637808
Result
Threat name:
Backstage Stealer
Create hunting rule
Detection:
malicious
Classification:
troj.spyw
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/816444
Signature
May check the online IP address of the machine
Multi AV Scanner detection for dropped file
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Backstage Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dbe10036d4c3b406a2396da6c87062803b44ff5fa3b29bc08222d818e5b99108/
Threat name:
Win64.Downloader.Upatre
Create hunting rule
Status:
Malicious
First seen:
2021-07-14 15:25:07 UTC
AV detection:
12 of 29 (41.38%)
Threat level:
  3/5
Verdict:
malicious
Similar samples:
2263fd1332612187cb951793ae3b34b74bd815da95d82b9d04d1fd6facb8311b
3c167530a131f9dc899b73b9eac971b38e44d41cf291893fde8e575602c2b846
46836190326258f65c9dbc1930b01e9d3de04996a1a2c79e39a36c281d79fe0a
48643d9ccc694960fb84f505524d0f148a0331a7e2569171ff3999dd60bc7154
510d3eadc5652908d47db79067009b04cf4e9234720f052e90cc7d18ffad0b20
9329d5d88208298ef930bd5f126aec96ac18c08933872b36bdbbf041a6cb462a
af350212764e6304bf417e81cf0009b494119670e4bc1b187cd79cf4c487c7b6
afdbdff7a2510b208b5ebc47ac621ff14a15aa5673ed6cdf7f7f0f8ad4c1e1fb
b078ecc8ba8dd8edd846668866738cba3f803a679b089dfd5b4ca4076c81b82b
efea5e4af45434b028bbb6f0f45e57d74cc37a0d46ba85921f456806d48bc97c
+ 224 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://tria.ge/reports/210714-7f668vrx66/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Looks up external IP address via web service
Downloads MZ/PE file
Executes dropped EXE
Nirsoft
Unpacked files
SH256 hash:
dbe10036d4c3b406a2396da6c87062803b44ff5fa3b29bc08222d818e5b99108
MD5 hash:
2dedc3dfa09be884b673da3fc23b14be
SHA1 hash:
4972e2ede5f4eac8bba69691108074891d0cbdf8
Link:
https://www.unpac.me/results/cb06c6ad-976c-4a14-963e-b9c29e8cc552/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/dbe10036d4c3b406a2396da6c87062803b44ff5fa3b29bc08222d818e5b99108

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe dbe10036d4c3b406a2396da6c87062803b44ff5fa3b29bc08222d818e5b99108

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/171736/
  
URLhaus
https://urlhaus.abuse.ch/url/1453974/
  
Delivery method
Distributed via web download

Comments