MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e74a586b8f1c0b606cde2a079a333ce8f93a3ccf133b049d2de243e52989a275. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	e74a586b8f1c0b606cde2a079a333ce8f93a3ccf133b049d2de243e52989a275
SHA3-384 hash:	165ca399ab8be1cfae25612c371155e469bca4587a2c1ab4930237cc866e1800e93814f23af388254c641aa1c3a8ed9b
SHA1 hash:	d1079726af15024dc5ffb101b73f116263fd92df
MD5 hash:	67502a9cb7beee1ab216c32947d94871
humanhash:	iowa-twelve-maine-california
File name:	67502a9cb7beee1ab216c32947d94871.exe
Download:	download sample
File size:	601'088 bytes
First seen:	2022-05-08 07:03:38 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	81f93e0425d1cb8bcc2296e1ff12e517 (1 x RedLineStealer, 1 x Smoke Loader)
ssdeep	12288:JhMubsn6e1TcbG2BLHr2snQebqmh8Ec7zpf36Dx4bDY:7gnt1QS6zr2euoWc
Threatray	62 similar samples on MalwareBazaar
TLSH	T11ED4F100FBA0D435F5B712F8563A87A8BA3E7EA1572441CB62C53AFA56346D0ED3071B
TrID	39.4% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9) 29.5% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 9.9% (.EXE) Win64 Executable (generic) (10523/12/4) 6.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
File icon (PE):
dhash icon	b2dacabecee6baa6 (148 x RedLineStealer, 145 x Stop, 100 x Smoke Loader)
Reporter	abuse_ch
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

232

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

67502a9cb7beee1ab216c32947d94871.exe

Verdict:

Malicious activity

Analysis date:

2022-05-08 07:05:10 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/1a7e632b-ca1f-4bc6-b1f0-d92a89baece2

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/269312/

Detection(s):

SecuriteInfo.com.W32.AIDetect.malware2.9751.31327.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Сreating synchronization primitives

Sending a custom TCP request

Rewriting of the hard drive's master boot record

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/16681/overview

Behaviour

MalwareBazaar

MeasuringTime

SystemUptime

EvasionQueryPerformanceCounter

EvasionGetTickCount

CheckCmdLine

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/62776b7ab119a5f609aed89b/reports/65919567-411f-4815-94be-c533c07ea641/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Gathering data

Result

Threat name:

Unknown

Detection:

malicious

Classification:

expl.evad

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/989665

Signature

Contains functionality to infect the boot sector

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected UAC Bypass using CMSTP

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e74a586b8f1c0b606cde2a079a333ce8f93a3ccf133b049d2de243e52989a275/

Threat name:

Win32.Trojan.DiskWriter

Status:

Malicious

First seen:

2022-05-08 07:04:10 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

19 of 26 (73.08%)

Threat level:

5/5

Verdict:

malicious

7488777dd491486b1aea7ec37b6131334f94bc3f90261d91f06a5156f0530232

770f8cd0cae0a7525234dfc5b25f21b90090513d3f80fa06e8c22107ca8bbe01

7e95736b12f455cd096c0eff4a9dfa5b4e3c8108c55464447868ba4351e91fbb

b1a3602f2628080fa758575fba82bf62fd7de058055a9491f9eac87fda31a2e5

cab31c58eec5fac87df0c7cf52df12ab43280e4e8b9ee50fcde4017689c976b3

cf693fb0c08e8e23de98bb5b848e6ee6f359f1efb26d1488bb9030c899d45005

f40a47af762b5f2270be9a10058551c5a134a2f22210422ab53481569e08ac00

f898e35329ae242f1f8c0e64efde783e9742671336598ad9824073decae40f4a

fae0a0d40cb12f14a4eeaee7171c948688bed15ec8718de8c65834023ecac97f

+ 52 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

6/10

Tags:

bootkit persistence

Link:

https://tria.ge/reports/220508-hvxv3sadb8/

Behaviour

Writes to the Master Boot Record (MBR)

Unpacked files

SH256 hash:

84e72630846de776f4fca099faca59500751e877ef1e9e0f4c9ff73292f44b43

MD5 hash:

ce5b0d18a6bba7f3c206ae567723968a

SHA1 hash:

71691165b0e385fa616e59fb1af3021d511b4db5

Link:

https://www.unpac.me/results/a9bfea18-3f4e-48c4-b7cf-98220184c7e9/

SH256 hash:

e74a586b8f1c0b606cde2a079a333ce8f93a3ccf133b049d2de243e52989a275

MD5 hash:

67502a9cb7beee1ab216c32947d94871

SHA1 hash:

d1079726af15024dc5ffb101b73f116263fd92df

Link:

https://www.unpac.me/results/a9bfea18-3f4e-48c4-b7cf-98220184c7e9/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e74a586b8f1c0b606cde2a079a333ce8f93a3ccf133b049d2de243e52989a275

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/269312/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample