MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ebdb0f767c67668f941f677249b5ca06ea5ef9cf174373b3869b73bbeab24c89. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: ebdb0f767c67668f941f677249b5ca06ea5ef9cf174373b3869b73bbeab24c89
SHA3-384 hash: da450b5ad29d3b896c129fa27a291a348f39e8babc1c8b2c1a9a73abb0dba83453d1061276e35a90ed8c772a1149ab82
SHA1 hash: 8b2e2c81c8437b44ab32c8053e417ca328ae8fc8
MD5 hash: ea20cee0a8141a90a074358640d12941
humanhash: robin-pennsylvania-black-fix
File name: SecuriteInfo.com.FileRepMalware.1205.16193
File size: 1'306'624 bytes
First seen: 2022-11-23 15:34:34 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: dc1faea0823a1a2f3f015766e937e6d0
ssdeep: 24576:Msa2aV9a4oH/IXs3wzuPPfI5uduQCtm+Sg40Q5mrCkhb/:MmIXWPPfIpNtm+SeQ4
Threatray: 239 similar samples on MalwareBazaar
TLSH: T16655BF03B69380F2D9593A7114B6173AAD388B051E24CA93E7F4ED6E7F331A29737119
TrID:
31.5% (.EXE) InstallShield setup (43053/19/16)
22.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
12.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
9.5% (.SCR) Windows screen saver (13097/50/3)
7.7% (.EXE) Win64 Executable (generic) (10523/12/4)
dhash icon: a261bae8d2a896ca (39 x Blackmoon, 9 x Gh0stRAT, 3 x CobaltStrike)
Reporter: SecuriteInfoCom
Tags: exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 170
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: SecuriteInfo.com.FileRepMalware.1205.16193
Verdict: No threats detected
Analysis date: 2022-11-23 15:36:04 UTC
Tags: installer

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:

Behaviour
Creating a window
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware keylogger packed shell32.dll
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 60 / 100
Signature
Detected unpacking (creates a PE file in dynamic memory)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Threat name: Win32.PUA.FlyStudio
Status: Malicious
First seen: 2019-06-19 22:14:57 UTC
File Type: PE (Exe)
Extracted files: 52
AV detection: 17 of 29 (58.62%)
Threat level: 1/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SHA256 hash: 1608257b66663af1be47e78afd73da1450c203c58f58a3339a1cd80608fa518c
MD5 hash: 9e35a6d3f583771a42525fbf231621d8
SHA1 hash: c095b62618cb63ae29713c3a1821afe18573ddd1
SHA256 hash: ebdb0f767c67668f941f677249b5ca06ea5ef9cf174373b3869b73bbeab24c89
MD5 hash: ea20cee0a8141a90a074358640d12941
SHA1 hash: 8b2e2c81c8437b44ab32c8053e417ca328ae8fc8
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: BitcoinAddress
Author: Didier Stevens (@DidierStevens)
Description: Contains a valid Bitcoin address
Rule name: meth_get_eip
Author: Willi Ballenthin
Rule name: meth_peb_parsing
Author: Willi Ballenthin

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments