MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e95fce5ddbf7cb03f4929fc163682f64d2e06c9663abe7e42843e040fa581e3b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e95fce5ddbf7cb03f4929fc163682f64d2e06c9663abe7e42843e040fa581e3b
SHA3-384 hash: 246e50e30f819b23d0b578f7559f2056d50d22005acbeff756d6ac4158c42d9b4af0959d637cc299cbe9c235dd55435c
SHA1 hash: 0ae804a6e2a5dd7519f6ed0fb1bf3b91bfebbf3f
MD5 hash: 023ba51b5e447dd15c898ecd9a7a3de6
humanhash: september-leopard-alaska-four
File name:NextyVpn.rar
Download: download sample
File size:69'184'962 bytes
First seen:2024-01-29 13:50:04 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 1572864:MrziNx5qwFpB8KBeBDOiR3hpVTBxdfqXFLWxixdM1iei1s9DCa:Hx5qwLADPR7VtxNqXFLWxAM1ir1a2a
TLSH T16DE733D3BEDA8067ED0479FA6B805CA06D0D341086357B63E156385F1833DC6EA6B27B
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter e24111111111111
Tags:nextyvpn.com rar


Avatar
e24111111154168
Distributed via: nextyvpn.com

Downloaded from: https://nextyvpn.com/download/NextyVpn.rar

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
GR GR
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:Nexty 1.2.2.exe
File size:69'184'786 bytes
SHA256 hash: 50606b38ed6452d7a22a857f30b4f05e0d4b24351b838e346f2e1b603f03004a
MD5 hash: 39f1366b2e64639a419d43c656bd7d4b
MIME type:application/x-dosexec
Vendor Threat Intelligence
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
installer lolbin masquerade overlay packed shell32
Link:
https://www.filescan.io/uploads/65b7ad51bc91f83c80700d77/reports/1b27e8ef-7358-44c1-9021-b490e81a9576/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/e95fce5ddbf7cb03f4929fc163682f64d2e06c9663abe7e42843e040fa581e3b
Result
Verdict:
MALICIOUS
Score:
21%
Verdict:
Benign
File Type:
Archive
Link:
https://malprob.io/report/e95fce5ddbf7cb03f4929fc163682f64d2e06c9663abe7e42843e040fa581e3b
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5fp44xo367fqh5est7awg2bpmtjoa3ewmov6pzbiipqeb6sydy5q._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware stealer
Link:
https://tria.ge/reports/240129-rb5w1sbdd7/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates processes with tasklist
Enumerates physical storage devices
An obfuscated cmd.exe command-line is typically used to evade detection.
Legitimate hosting services abused for malware hosting/C2
Checks computer location settings
Drops startup file
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

rar e95fce5ddbf7cb03f4929fc163682f64d2e06c9663abe7e42843e040fa581e3b

(this sample)

Executable exe 50606b38ed6452d7a22a857f30b4f05e0d4b24351b838e346f2e1b603f03004a

  
Dropping
SHA256 50606b38ed6452d7a22a857f30b4f05e0d4b24351b838e346f2e1b603f03004a

Comments