MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eba36a46a6dbe28723a05b69234e2c1c7e151a1767fb66391970ed100a30279b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 12


Intelligence 12 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: eba36a46a6dbe28723a05b69234e2c1c7e151a1767fb66391970ed100a30279b
SHA3-384 hash: 409da35ed2f2824ad11e7b3e04801a61eceda931dba262569831a3c547a9764dc3a42f9e4cf18bab5d98cc02edf1ca65
SHA1 hash: f3bb38464e4d5328e5c87853527ee5a8b44a2124
MD5 hash: 4163d9acbbc2efe8ca87d810a3795630
humanhash: london-vermont-orange-batman
File name:4163d9acbbc2efe8ca87d810a3795630.exe
Download: download sample
File size:3'799'040 bytes
First seen:2023-06-25 07:36:18 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 587a23ee0bccf95906f888e2a3c1c6b6 (7 x RedLineStealer)
ssdeep 98304:1QRUIl8dg54Ytt0B27tQ2gWimKRRRHOvQUnjmEX/My5FKEM5v36+RaB0x6cGeeem:yR5AUiVd8d/i5aB0x6bvhIRg7PUGZf0a
Threatray 52 similar samples on MalwareBazaar
TLSH T1E30612766150C23AE7CB0636C82B769C2409673F322FB65A9F6B8FB47B33A6DD144411
TrID 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
257
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
4163d9acbbc2efe8ca87d810a3795630.exe
Verdict:
No threats detected
Analysis date:
2023-06-25 07:38:48 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/b11506f5-1d52-43fb-a101-8812809e4a4a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/402575/
Detection(s):
Win.Malware.Lazy-10004914-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/92615/overview
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware
Link:
https://www.filescan.io/uploads/6497eea054672ac65f4c9b2a/reports/ca6b9b08-0a59-47a5-85e3-9cfa7245dc34/overview
Verdict:
Malicious
Labled as:
Lazy.Generic
Link:
https://www.hybrid-analysis.com/sample/eba36a46a6dbe28723a05b69234e2c1c7e151a1767fb66391970ed100a30279b
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/c99a678d-cee8-4856-83bf-90bca4befe2a
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1261024
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 894044 Sample: snQZBhUT2b.exe Startdate: 25/06/2023 Architecture: WINDOWS Score: 52 15 Multi AV Scanner detection for submitted file 2->15 17 Machine Learning detection for sample 2->17 6 snQZBhUT2b.exe 1 2->6         started        process3 process4 8 WerFault.exe 24 9 6->8         started        11 conhost.exe 6->11         started        file5 13 C:\ProgramData\Microsoft\...\Report.wer, Unicode 8->13 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/eba36a46a6dbe28723a05b69234e2c1c7e151a1767fb66391970ed100a30279b/
Threat name:
Win32.Trojan.Lazy
Create hunting rule
Status:
Malicious
First seen:
2023-06-25 01:55:25 UTC
File Type:
PE (Exe)
AV detection:
19 of 36 (52.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5orwurvg3prioi5alnusgtrmdr7bkgqxm75wmoizodwracrqe6nq._file
Verdict:
malicious
Similar samples:
0ee55c68bed9bdf9e0ebe2fd81fe2b4d740c31589ab7d7b94f17c97917b97166
1537ee9bef61f14ff47dabd8993382bc36278b041968bf1072970b2a6421635c
2e84eaf7bb4ffd6916ad23f53e320ee1584cc3c60dcbaeed2acdcca05801ae38
3b6586fe783767efcb3190f2965c718a636f85a152937dff883dec56b2bc9e5a
3bfa0107c919b679913bae710049ad72c96862a5e10a3e941ad4c21f5d397865
6de168d940cec462cc2cdead5a06a3b77a533558deb22bb4c0138ccb20f85f51
752c5346575c65d6b071b575cd4bc98ca840bab2426a1917eaea96894efc8c02
87110b5760efb27f9c86aef51ae91d7f8cc10557537b1b9ed407c6cecd118ed1
a67e1a296014ab986232d32f1836f815576f04ede2781b6c42f89098fb1c0368
d6102c66ad900fb550fe95cd850a2e089d1221e1d02e3a74129696c494b3c780
+ 42 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230625-jftesaed7x/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
eba36a46a6dbe28723a05b69234e2c1c7e151a1767fb66391970ed100a30279b
MD5 hash:
4163d9acbbc2efe8ca87d810a3795630
SHA1 hash:
f3bb38464e4d5328e5c87853527ee5a8b44a2124
Link:
https://www.unpac.me/results/c0f02648-5bc4-487e-968c-4c5943b95d46/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/eba36a46a6dbe28723a05b69234e2c1c7e151a1767fb66391970ed100a30279b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:meth_stackstrings
Create hunting rule
Author:Willi Ballenthin

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe eba36a46a6dbe28723a05b69234e2c1c7e151a1767fb66391970ed100a30279b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2665674/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/402575/

Comments