MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ec6032cb680aeaf9bd2a73b57a868fc40d5309fc4c4529ab2277df7bff40bd73. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ec6032cb680aeaf9bd2a73b57a868fc40d5309fc4c4529ab2277df7bff40bd73
SHA3-384 hash: 153f3270f184e070046a6a313df14a254d0a3732ce29b61caac41ae056a330a3346bf13e452fea4764285819faae19b4
SHA1 hash: 803898f909d4df9a13283a028a5006a4c7ca1fe6
MD5 hash: b16107babc1df1c23c7ede4846118156
humanhash: alpha-undress-cardinal-magnesium
File name:ChromeSetup_v1.3.37.361.exe
Download: download sample
File size:5'879'008 bytes
First seen:2024-02-08 00:45:08 UTC
Last seen:2024-02-08 02:26:34 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 93d3061ab6eca5cb72fa65a453e04fb8
ssdeep 98304:c/+Lo5F4mCRPHntW2TnfMMm10dHvyeGErZirXcygB9licGOwEskIo4M3:PLzmmHnY8kMm1aH1YXcXB9VGqskn
TLSH T1524633E2F35B7563F7F40EB0A6E6C603594439A982EA187B733C0F60D6B69704137692
TrID 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4504/4/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon e8f0c8cd4d88c0e0 (10 x ValleyRAT, 8 x DonutLoader, 2 x CoinMiner)
Reporter Anonymous
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
440
Origin country :
US US
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/475256/
Detection(s):
SecuriteInfo.com.Win32.CrypterX-gen.11294.28780.UNOFFICIAL
Create hunting rule

Verdict:
No Threat
Threat level:
  10/10
Confidence:
100%
Tags:
lolbin masquerade overlay packed shell32
Link:
https://www.filescan.io/uploads/65c4244ce8d5f6639a36320f/reports/9119db7b-f8d3-4351-99b5-3af6a82d9dff/overview
Verdict:
Malicious
Labled as:
GenKryptik.GTME trojan
Link:
https://www.hybrid-analysis.com/sample/ec6032cb680aeaf9bd2a73b57a868fc40d5309fc4c4529ab2277df7bff40bd73
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/8b12f98e-9a10-4da9-bdb2-44bd1e8dc4fd
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
51 / 100
Link:
https://www.joesandbox.com/analysis/1388739
Signature
Detected unpacking (changes PE section rights)
Drops executables to the windows directory (C:\Windows) and starts them
Found evasive API chain checking for user administrative privileges
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Behaviour
Behavior Graph:
Download SVG
Score:
64%
Verdict:
Susipicious
File Type:
PE
Link:
https://malprob.io/report/ec6032cb680aeaf9bd2a73b57a868fc40d5309fc4c4529ab2277df7bff40bd73
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ec6032cb680aeaf9bd2a73b57a868fc40d5309fc4c4529ab2277df7bff40bd73/
Threat name:
Win32.Trojan.CrypterX
Create hunting rule
Status:
Malicious
First seen:
2024-02-07 09:44:08 UTC
AV detection:
8 of 24 (33.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5rqdfs3iblvptpjkoo2xvbupyqgvgcp4jrcstkzco7pxx72axvzq._file
Verdict:
malicious
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery persistence spyware stealer
Link:
https://tria.ge/reports/240208-a4n1jabf29/
Behaviour
Enumerates system info in registry
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Program Files directory
Checks installed software on the system
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Registers COM server for autorun
Modifies Installed Components in the registry
Sets file execution options in registry
Unpacked files
SH256 hash:
cefc20394efeea377f34c3b68c97c97d56d9f51e939c08897faab71cf285e0aa
MD5 hash:
d4e1c56dddc5101c2680a725d7198137
SHA1 hash:
33cb9e6e5d1ce05c05d06f81851857a44116b778
Link:
https://www.unpac.me/results/2678980e-e378-47e3-b3ec-b68f5839b76e/
SH256 hash:
f634f241d8714adf6b4fb53f8c5b01cba78ae08903fa37a3e4b28cfc855091d0
MD5 hash:
17bc2642fe2d8748be73f443038eac0d
SHA1 hash:
64c4db4fffd9e54f7cc196ec98e57aa256d7d741
Link:
https://www.unpac.me/results/2678980e-e378-47e3-b3ec-b68f5839b76e/
SH256 hash:
362b054d2e380e1aa2cd838b7d07bf87e1bb520ea83d19b11735581f4f2ba754
MD5 hash:
fe3faf456cb388639b1826f97e79b3dc
SHA1 hash:
e5d3cc4aa32516f030cb6288876b80700c708e9d
Link:
https://www.unpac.me/results/2678980e-e378-47e3-b3ec-b68f5839b76e/
SH256 hash:
1aa1883e70b96d323e6e92c0f8fc0d17d4966ecc0138e811ae6bc4db75fc84b3
MD5 hash:
90cd5201a14e1a9dd11e797a8ffc81ae
SHA1 hash:
ae8a031bf2337e0c78fa91e8b36e47941b96e81e
Link:
https://www.unpac.me/results/2678980e-e378-47e3-b3ec-b68f5839b76e/
SH256 hash:
d8a58346519d77313ae9e4b5c38d06918827ed693d6aa5d08812ccd23dd0058b
MD5 hash:
2135e6e4994fbfed67f1c1ca29fd201e
SHA1 hash:
8ff1f1e86f908b7a9f432688374a90e75a94f4f8
Detections:
SUSP_Unsigned_GoogleUpdate
Create hunting rule
Link:
https://www.unpac.me/results/2678980e-e378-47e3-b3ec-b68f5839b76e/
Parent samples :
ec6032cb680aeaf9bd2a73b57a868fc40d5309fc4c4529ab2277df7bff40bd73
96fcae9a77f7f3d69488f487abe9358146601500523d8b43aeef10b4f658d93a
SH256 hash:
de116f8f37dfc7cae37100925d8cc33f23c95feaa048889d525b6ecb563a3602
MD5 hash:
9aaea1722f2d68b2b24a95e6f566a46b
SHA1 hash:
3cc7d469ce11f3d92c93cd9b28971489ba23d1c8
Detections:
SUSP_Unsigned_GoogleUpdate
Create hunting rule
Link:
https://www.unpac.me/results/2678980e-e378-47e3-b3ec-b68f5839b76e/
Parent samples :
ec6032cb680aeaf9bd2a73b57a868fc40d5309fc4c4529ab2277df7bff40bd73
96fcae9a77f7f3d69488f487abe9358146601500523d8b43aeef10b4f658d93a
SH256 hash:
8e564455e5285a2e1f19c0f79ab36e255f5b916a63129a3cdb1386071c68e03d
MD5 hash:
2937b36e96f96a8c90fa457b0d7408ff
SHA1 hash:
2d4a93f71dde880ac77bc220773a5b1f6df78fc4
Link:
https://www.unpac.me/results/2678980e-e378-47e3-b3ec-b68f5839b76e/
SH256 hash:
4ee57bd08c18194ef1e0063fa50d53545886749d8cab0e05c5b737cff456d7f2
MD5 hash:
68be7ebb15fb5cf2d2e2f33d2f83e04e
SHA1 hash:
68e3ecbee00f0f50e4b5f652e6221c1fca78dee8
Link:
https://www.unpac.me/results/2678980e-e378-47e3-b3ec-b68f5839b76e/
SH256 hash:
ec6032cb680aeaf9bd2a73b57a868fc40d5309fc4c4529ab2277df7bff40bd73
MD5 hash:
b16107babc1df1c23c7ede4846118156
SHA1 hash:
803898f909d4df9a13283a028a5006a4c7ca1fe6
Link:
https://www.unpac.me/results/2678980e-e378-47e3-b3ec-b68f5839b76e/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:PE_Potentially_Signed_Digital_Certificate
Create hunting rule
Author:albertzsigovits

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/475256/

Comments