MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 de87c8713fac002b0b0a0f9b02c4e3ebcccf65282a22f5ab5912a9da00f35c2a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mekotio

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	de87c8713fac002b0b0a0f9b02c4e3ebcccf65282a22f5ab5912a9da00f35c2a
SHA3-384 hash:	4529a6a0dac96c1fd89aac940f04ebafd74a1856b3ba6bc6677333e21ca2df6aadbf8d0247a977b8c5ec32edf996e740
SHA1 hash:	05e491bc1b8fbfbfdca24b565f2464137f30691e
MD5 hash:	03c469798bf1827d989f09f346ce95f7
humanhash:	hamper-hawaii-blue-rugby
File name:	l4jb9w049j00h704k2exk46qooo
Download:	download sample
Signature	Mekotio Create hunting rule
File size:	910'336 bytes
First seen:	2023-01-17 14:24:27 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	843075fba28109153465b53d9d36a319 (1 x Mekotio)
ssdeep	24576:mjSsPIqS9jL0rJ3n770E9d8qTtE4n4CucuH:GzyH0ZOqTGQ4CDu
Threatray	989 similar samples on MalwareBazaar
TLSH	T1CC157B52B3C3C0B2EFA219F2D5B957361939BC38173889DB73D4382DC9A06C1AA75356
TrID	40.5% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 17.0% (.SCR) Windows screen saver (13097/50/3) 13.6% (.EXE) Win64 Executable (generic) (10523/12/4) 8.5% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 6.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
File icon (PE):
dhash icon	fccccce4cccc4cbe (3 x DCRat, 2 x AsyncRAT, 1 x RedLineStealer)
Reporter	abuse_ch
Tags:	exe l4jb9w049j00h704k2exk46qooo Mekotio

Intelligence

File Origin

# of uploads :

1

# of downloads :

193

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

https://autohotkey.com

Verdict:

Malicious activity

Analysis date:

2022-09-21 13:29:42 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/05df121d-4ccc-4e1f-922c-a94223dc08a4

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/353815/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Sending a custom TCP request

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/60974/overview

Behaviour

MalwareBazaar

SystemUptime

MeasuringTime

CheckCmdLine

EvasionQueryPerformanceCounter

EvasionGetTickCount

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

greyware keylogger shell32.dll

Link:

https://www.filescan.io/uploads/63c6afc0afdaca54d438cdb9/reports/5c6d0852-0e1a-4078-abbc-5d9d848e8730/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/5fdd92cb-3eab-4500-ac79-523aa981c98a

Result

Threat name:

Unknown

Detection:

suspicious

Classification:

spyw.evad

Score:

31 / 100

Link:

https://www.joesandbox.com/analysis/1151596

Signature

Contains functionality to register a low level keyboard hook

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/de87c8713fac002b0b0a0f9b02c4e3ebcccf65282a22f5ab5912a9da00f35c2a/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=32d4q4j7vqacwcykb6nqfrhd5pgm6zjifirplk2zcku5uahtlqva._file

Verdict:

unknown

Similar samples:

248b0f8740d4c1772675dd789d4995e00ef5b9ed8503e5760cd2eb6e731aff90

3b25269ee1bf950e149d758ce4074f0ddca17282fb933bc44f9a77e6d495dc1b

4ad88b6a825af9e1eba56356bc13c02c4e49e3af64ff0eb2d09c7aeefe17e1ed

635329a3e60baf7fc0d50d16b87c4ddc8f9300c710696dde863c3d90abb1b4a3

7aed2f04618c60642965a3544d5927aa58b4092c1cce70c3a9ed55f161bb4a0a

964fbbc3b3a80e3e378e88f8c523d72e539ba06e46643ed212bc0609871fff4e

a6bcd88a72bae764602195f8e224181ece313cc17c3f1bdc7f70f8276ab22701

b324bf2765637c425eea72826c3a1524873fc8b2dc7c06cf9f5b3312bde8861a

de87c8713fac002b0b0a0f9b02c4e3ebcccf65282a22f5ab5912a9da00f35c2a

+ 979 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/230117-rq95aadd6z/

Unpacked files

SH256 hash:

de87c8713fac002b0b0a0f9b02c4e3ebcccf65282a22f5ab5912a9da00f35c2a

MD5 hash:

03c469798bf1827d989f09f346ce95f7

SHA1 hash:

05e491bc1b8fbfbfdca24b565f2464137f30691e

Link:

https://www.unpac.me/results/5c3cf6af-abb4-4770-be36-cf88c554821c/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/de87c8713fac002b0b0a0f9b02c4e3ebcccf65282a22f5ab5912a9da00f35c2a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/353815/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample