MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ec48f9dd063b97ba098a1f3fb34f923452f6dcb47e0e8b19ab6a1d96d776738d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ec48f9dd063b97ba098a1f3fb34f923452f6dcb47e0e8b19ab6a1d96d776738d
SHA3-384 hash: ca550d379d2e10c4b108f292e68e5c7e1a07f703d5b299edf0d2229c6286591801458182cd49af6b27c7226b881ba038
SHA1 hash: 6b259e03fa6a3405f42dd2369d6eb3a56bbe2bf6
MD5 hash: 1551af76043294c6fb3b589398df2395
humanhash: mockingbird-wolfram-cup-beryllium
File name:SecuriteInfo.com.Trojan.GenericKD.37253417.29766.22292
Download: download sample
File size:4'481'024 bytes
First seen:2021-07-18 15:45:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash bc0a793cc36ffe00c73bc06d7c6e7b1a
ssdeep 98304:xcEgyVkr3EWqFcg1jcxoyn6zIsY+TZQB5tPf2KCJnl:xxgYkr0WqFcg1j+OzI377vCJnl
Threatray 21 similar samples on MalwareBazaar
TLSH T1D32622A38A314089E1E6DC3DB637BEE0B1F60B6FCB41787869EEA5C524634D19217C53
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
103
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
https://cdn.discordapp.com/attachments/837741922641903637/866064263189233694/GoogleInstall.exe
Verdict:
Suspicious activity
Analysis date:
2021-07-18 14:29:55 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/988b7239-f978-481e-80f0-858e4aa78755

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/172424/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.37253417.29766.22292.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a4beef40-7967-4058-ab0b-1c66ac6f8fad
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/817940
Signature
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ec48f9dd063b97ba098a1f3fb34f923452f6dcb47e0e8b19ab6a1d96d776738d/
Threat name:
Win32.Trojan.ClipBanker
Create hunting rule
Status:
Malicious
First seen:
2021-07-18 01:08:53 UTC
AV detection:
15 of 28 (53.57%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
1b189602123e4dba4522d442877fb0862a8fbbc4cc6d187954ba27039bea7d9c
22a49fd2468178e5b33cad08985adde50f0530a33260affc58bee6b2401005a9
2ace0be70434934b6e140f679a0c1551dd589abedfb1f6abeb5ceffaf0a1b9d9
36cbc77a5caaf8f805bc7347ee4cd27657fca600ea5e202e633aca7a09d73297
3c2fa1d04daaea31991c29bb4118c3d146a50815a033ea5ae325c3171ebdf713
3e5bbf9fcae918011ec4eee75ac6402fddf20d09fef95b362d0e226d56b80f1d
4098b54c9d27b00ce34d04ffac24213ed28993a2854827851b157d63407c2e4e
81d14d241a35f52dae782c57784168f5295776984eb55d9f88f9f0cf12e67f72
84783081ade87f5a4a1902a275eb66c7fe8ebef9e43cdd2d4527bdb1a5a51f04
b9f5bca9a22f08aad48674bc42e4eaf72ab8aa3d652ba7a10dc4686b5b183a33
+ 11 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210718-sptnl45rn2/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops startup file
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
57af7f6183f57af01c4268c2dead11b7ff20bec730711d2987d337117baa7aac
MD5 hash:
616fd4b1c29285cb0791f87dabdc8013
SHA1 hash:
ea751a04b354b267ff6b3813c02f62663e1c72bc
Link:
https://www.unpac.me/results/415e26a1-cbcb-494a-9c76-130e91ea8eac/
SH256 hash:
ec48f9dd063b97ba098a1f3fb34f923452f6dcb47e0e8b19ab6a1d96d776738d
MD5 hash:
1551af76043294c6fb3b589398df2395
SHA1 hash:
6b259e03fa6a3405f42dd2369d6eb3a56bbe2bf6
Link:
https://www.unpac.me/results/415e26a1-cbcb-494a-9c76-130e91ea8eac/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ec48f9dd063b97ba098a1f3fb34f923452f6dcb47e0e8b19ab6a1d96d776738d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe ec48f9dd063b97ba098a1f3fb34f923452f6dcb47e0e8b19ab6a1d96d776738d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1463745/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/172424/

Comments