MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eb8faad12b1bc7657060878a8b672344c95a0a6cdedeedf7b2702c7add6a815d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TitanStealer


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: eb8faad12b1bc7657060878a8b672344c95a0a6cdedeedf7b2702c7add6a815d
SHA3-384 hash: 0f1b089852120df223b4ec34ce84359e7bb7f735118a6c42f83656c2d52e0fe90521fe0761aed933cba6f62db30de273
SHA1 hash: c9870daede50e20cb277f77c6c7971b901dcabbc
MD5 hash: 5e79869f7f8ba836896082645e7ea797
humanhash: mississippi-music-violet-zulu
File name:5e79869f7f8ba836896082645e7ea797.exe
Download: download sample
Signature TitanStealer
Create hunting rule
File size:1'944'064 bytes
First seen:2022-11-13 18:44:44 UTC
Last seen:2023-08-26 22:06:36 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0786c982c56ed4df804e0324f92ac5f2 (1 x TitanStealer)
ssdeep 49152:gJITj5vYj4wgNqeofqorg2CqVqXjtTTK/:IIv5Qj4wgATg2CqVaRq
Threatray 7 similar samples on MalwareBazaar
TLSH T1E7956CF62DBF4F95EF391E754CF0CB87583F16E5D611116992848ACA61E8DE02C20CAE
TrID 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter abuse_ch
Tags:exe TitanStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
213
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
5e79869f7f8ba836896082645e7ea797.exe
Verdict:
Malicious activity
Analysis date:
2022-11-13 18:47:04 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/33217896-03ea-4eb4-9b6b-711b82a8b350

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/333406/
Detection(s):
SecuriteInfo.com.Trojan.GenericKDZ.93532.14742.12165.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
Reading critical registry keys
Using the Windows Management Instrumentation requests
Stealing user critical data
Unauthorized injection to a system process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-vm greyware packed
Link:
https://www.filescan.io/uploads/63713b2f4dc24c6f80b7fa62/reports/fec8ff54-3ca2-44d3-a1b1-bed85d002f10/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/05c13665-474f-41a5-a0dc-f80a9a17579b
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.spyw.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1112403
Signature
Allocates memory in foreign processes
Contains functionality to inject code into remote processes
Found potential dummy code loops (likely to delay analysis)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Uses known network protocols on non-standard ports
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/eb8faad12b1bc7657060878a8b672344c95a0a6cdedeedf7b2702c7add6a815d/
Threat name:
Win32.Trojan.Tiggre
Create hunting rule
Status:
Malicious
First seen:
2022-11-13 18:45:09 UTC
File Type:
PE (Exe)
AV detection:
21 of 26 (80.77%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5oh2vujldpdwk4daq6fiwzzditevuctm33po355soawhvxlkqfoq._file
Verdict:
malicious
Similar samples:
30c1f93a3d798bb18ef3439db0ada4e0059e1f6ddd5d860ec993393b31a62842
TitanStealer
5183c27d986a7a6682d0f57a40eff9c2e458ddfd8175f849fe9390e46b1a7cf5
TitanStealer
7bb10303027c42b4893bc186be547fbd8f0d59a8a8171703c8ad88680831785f
TitanStealer
883e12a7cd81c09838284e4dbda9caa9d8df6ac57234e14ee0ee02bb2fcc2329
TitanStealer
a7dfb6bb7ca1c8271570ddcf81bb921cf4f222e6e190e5f420d4e1eda0a0c1f2
TitanStealer
be607f4670ec8ae8808e6c46603344dcd3d0e58c7e2c7644cf6a360e60f92ce7
TitanStealer
e252a54e441ea88aafa694259386afd002153481af25a5b7b2df46d17ac53fcc
TitanStealer
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware
Link:
https://tria.ge/reports/221113-xd2j9sfe61/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
Uses the VBS compiler for execution
Unpacked files
SH256 hash:
eb8faad12b1bc7657060878a8b672344c95a0a6cdedeedf7b2702c7add6a815d
MD5 hash:
5e79869f7f8ba836896082645e7ea797
SHA1 hash:
c9870daede50e20cb277f77c6c7971b901dcabbc
Link:
https://www.unpac.me/results/bb797528-657c-481c-b50e-f9bc599a2bb0/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/eb8faad12b1b/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/eb8faad12b1bc7657060878a8b672344c95a0a6cdedeedf7b2702c7add6a815d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

TitanStealer

Executable exe eb8faad12b1bc7657060878a8b672344c95a0a6cdedeedf7b2702c7add6a815d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2409906/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/333406/

Comments