MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e6816ec0fdc24c0d4af9ba973f1764af7bc1f32592090318dfeb6be036bcac03. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e6816ec0fdc24c0d4af9ba973f1764af7bc1f32592090318dfeb6be036bcac03
SHA3-384 hash: 6508dafe630ff43326c48540bf2ce58155c618fc59bfacca41aa910513368eed0c0c083f9c7c06f93d7830b4878e4887
SHA1 hash: 311c64db96f7c0b00b1fa4582cbee5bb9c1020da
MD5 hash: e2940574458fd1cc3235a22b30f48fdd
humanhash: quiet-louisiana-vermont-nevada
File name:e2940574458fd1cc3235a22b30f48fdd
Download: download sample
File size:192'512 bytes
First seen:2021-10-01 06:45:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f98cc9327e2d65cc6189a693f26e1c1d (5 x ArkeiStealer, 4 x RaccoonStealer, 3 x RedLineStealer)
ssdeep 3072:3gSguEtnGk+xIpEzfgJBBe4ChxY+2q/NfQoqTQyl6zZsqfPIAXz:3WuEtGk+ipEcWxJhqoqTQ0qfPD
Threatray 2 similar samples on MalwareBazaar
TLSH T10914E12138E0E872D7035971067AC7E336397A322B52553F7798179F3F70292A63AB16
File icon (PE):PE icon
dhash icon 4839b234e8c38890 (121 x RaccoonStealer, 54 x RedLineStealer, 51 x ArkeiStealer)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
58.exe
Verdict:
Malicious activity
Analysis date:
2021-09-29 20:30:23 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/0decc565-97b2-47df-9823-95c1b0ee1f08

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/193885/
Detection(s):
Win.Packed.Generic-9897371-0
Create hunting rule

Win.Packed.Generic-9897389-0
Create hunting rule

Win.Packed.Generic-9897397-0
Create hunting rule

Win.Packed.Generic-9897548-0
Create hunting rule

Win.Packed.Generic-9897607-0
Create hunting rule

Win.Packed.Generic-9897616-0
Create hunting rule

Win.Packed.Generic-9897628-0
Create hunting rule

Win.Packed.Fragtor-9897699-0
Create hunting rule

Win.Packed.Generic-9898145-0
Create hunting rule

Win.Packed.Fragtor-9898153-0
Create hunting rule

Win.Packed.Generic-9898156-0
Create hunting rule

Win.Packed.Generic-9898162-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ae479aa4-b88e-4cb8-bf77-ed46c95404ea
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/862549
Signature
Detected unpacking (overwrites its own PE header)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Self deletion via cmd delete
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e6816ec0fdc24c0d4af9ba973f1764af7bc1f32592090318dfeb6be036bcac03/
Threat name:
Win32.Trojan.Racealer
Create hunting rule
Status:
Malicious
First seen:
2021-09-29 01:59:00 UTC
AV detection:
36 of 45 (80.00%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
55c1b61d5940df62b653aafd57802c01b94ce1d6581217556a2ee34183fd67a8
f4fad363f0997fbbfff2fc9f073313e3735ee4f2e55f3165b6100e537bad87dd
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/211001-hjmkzabae6/
Behaviour
Runs ping.exe
Suspicious use of WriteProcessMemory
Deletes itself
Executes dropped EXE
Unpacked files
SH256 hash:
7e9358bab51a99ef983808c5ff34468888af95eadfc242225117927f3f61888c
MD5 hash:
6d146f9195b29731a1fb4b11616be1f3
SHA1 hash:
103dfbb1680e935bfe39f4eb6ec49baddb348a47
Link:
https://www.unpac.me/results/589d910d-8417-4a63-b841-257ed11b6a90/
SH256 hash:
e6816ec0fdc24c0d4af9ba973f1764af7bc1f32592090318dfeb6be036bcac03
MD5 hash:
e2940574458fd1cc3235a22b30f48fdd
SHA1 hash:
311c64db96f7c0b00b1fa4582cbee5bb9c1020da
Link:
https://www.unpac.me/results/589d910d-8417-4a63-b841-257ed11b6a90/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e6816ec0fdc24c0d4af9ba973f1764af7bc1f32592090318dfeb6be036bcac03

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe e6816ec0fdc24c0d4af9ba973f1764af7bc1f32592090318dfeb6be036bcac03

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1650139/
Cape
Cape
https://www.capesandbox.com/analysis/193885/

Comments


Avatar
zbet commented on 2021-10-01 06:45:52 UTC

url : hxxp://103.169.90.205/blog/upload/58.exe