MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e1919f8b00e3d5be295fa1564fd8084f310d5edc1c0ec82a8d738c12eb3e1a3b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	e1919f8b00e3d5be295fa1564fd8084f310d5edc1c0ec82a8d738c12eb3e1a3b
SHA3-384 hash:	55c49dfb2810f02911475d56b67680552ab678360e327de963b476f134d10cb1a41322949d6680ac67a63fcd03614a0c
SHA1 hash:	2d6a01f7aa3f7a3a1e290baa28a0ca41e84ecb0f
MD5 hash:	4b149386c2fe020964b23da6948cabd1
humanhash:	vermont-fruit-foxtrot-mountain
File name:	SecuriteInfo.com.FileRepMalware.29429.3632
Download:	download sample
File size:	2'535'936 bytes
First seen:	2022-11-27 09:33:20 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep	49152:8KGZy65j97HsZLbPKfBFgIIlXZzEFanwB2zF3pxq3oHWX7vgiMh:8KGZfMJPiBSNz4awB2lq3oHwM
Threatray	212 similar samples on MalwareBazaar
TLSH	T10DC53315B8EEAAEBE43F6F785B7918FAD878D4E3F13B425101516EE693F418D82C4120
TrID	63.5% (.EXE) UPX compressed Win64 Executable (70117/5/12) 24.5% (.EXE) UPX compressed Win32 Executable (27066/9/6) 4.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.8% (.ICL) Windows Icons Library (generic) (2059/9) 1.8% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

164

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

redline

ID:

File name:

Setup.exe

Verdict:

Malicious activity

Analysis date:

2022-11-26 21:01:40 UTC

Tags:

redline

Link:

https://app.any.run/tasks/14e297d1-4899-4c54-a2f9-e0c194f3f877

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/339002/

Detection(s):

SecuriteInfo.com.FileRepMalware.29429.3632.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-debug packed

Link:

https://www.filescan.io/uploads/63832f0d00c584752ee21584/reports/d91d2c9d-c6bd-4005-a87e-c127ec266442/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/e9bcb6e1-a8be-4d3e-95e1-0e7e68823eb3

Result

Threat name:

Unknown

Detection:

malicious

Classification:

spyw

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1121874

Signature

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Tries to harvest and steal browser information (history, passwords, etc)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e1919f8b00e3d5be295fa1564fd8084f310d5edc1c0ec82a8d738c12eb3e1a3b/

Threat name:

Win64.Infostealer.BroPass

Status:

Malicious

First seen:

2022-11-27 00:09:45 UTC

File Type:

PE+ (Exe)

AV detection:

18 of 26 (69.23%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=4giz7cya4pk34kk7ufle7waij4yq2xw4dqhmqkunoogbf2z6di5q._file

Verdict:

malicious

3c4f456e84a4b82254480d17bd6db4c0a9ae6259e085b362b10183a82956d1ba

56529c2c9e4c0cef3eabea92c5c5e730d88728fac42ec5f3b980c312b4240057

656f5c1e8367a0b6e34dbf8e5740be127b4ffaa74a22a2164fcd68eff45580ff

6ad67b7dd47d2e625f7a143be485695dd20648a2363bd91ac079556624712354

a9e18560e367a43b940ba8ff800dc6eb77c44d03ebc9e1686d0f2e8e5496814a

bfc5d64bcd1a7b794c7168c4ebddd06b817865e9d785b826adbd894d78a1fc5a

e248d50df9fc8cc6ee14b6b703c623ca29019a673a5428f54851b085459e11b5

f90220b98550878f3056c732d437bae3026e4d7c7aa9bb733dbaa9c748cb80e7

+ 202 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

spyware stealer upx

Link:

https://tria.ge/reports/221127-ljsc1aff26/

Behaviour

Suspicious use of WriteProcessMemory

Deletes itself

Reads user/profile data of web browsers

UPX packed file

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/0ebda3a7-9896-47d3-8f8d-860319adf623

Unpacked files

SH256 hash:

717fde9ba668314e809aff92665c54402282e3a48d44c2fddc83118f09d03e5d

MD5 hash:

c387b3a2b7f2fe20d4b9ab2781f5a00d

SHA1 hash:

f1ae6a5454e94c267612afaa6e0482de420ec627

Link:

https://www.unpac.me/results/bdac2154-2b04-44bb-be95-5bf1f3ebef2d/

SH256 hash:

e1919f8b00e3d5be295fa1564fd8084f310d5edc1c0ec82a8d738c12eb3e1a3b

MD5 hash:

4b149386c2fe020964b23da6948cabd1

SHA1 hash:

2d6a01f7aa3f7a3a1e290baa28a0ca41e84ecb0f

Link:

https://www.unpac.me/results/bdac2154-2b04-44bb-be95-5bf1f3ebef2d/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/e1919f8b00e3d5be295fa1564fd8084f310d5edc1c0ec82a8d738c12eb3e1a3b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe e1919f8b00e3d5be295fa1564fd8084f310d5edc1c0ec82a8d738c12eb3e1a3b

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2434516/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/339002/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample