MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ec82a15de2f6770b776c5ca7ed7b6e0deca7a17fcd6658eb952193c6a2fe2784. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ec82a15de2f6770b776c5ca7ed7b6e0deca7a17fcd6658eb952193c6a2fe2784
SHA3-384 hash: db7313c9ed541c1a28270cc86b080e4dbb33be64748f3050c29a5af9a80c58255533676c5be744b0a280a3025d83cb88
SHA1 hash: 3a4e8dad938f44eb7547e583edbb511fb15eb8ad
MD5 hash: 2a0e4fdc073c63e9fedbc104582d0343
humanhash: wyoming-beryllium-mississippi-california
File name:2a0e4fdc073c63e9fedbc104582d0343.exe
Download: download sample
File size:2'537'984 bytes
First seen:2023-02-01 15:56:10 UTC
Last seen:2023-02-01 17:37:09 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep 49152:Nr/3aZfa8Xvc2b8QC5YoM2GtGUA4zReZQTVc24PNYd0z8cgUYpvKc:liZi8fvdCdUASkQpcXNPgcgUYpvK
Threatray 247 similar samples on MalwareBazaar
TLSH T1E1C53366798DA425FCED3DB6181EFAB35441821F87C5561C50EDBE28AC60308E94FCDE
TrID 63.5% (.EXE) UPX compressed Win64 Executable (70117/5/12)
24.5% (.EXE) UPX compressed Win32 Executable (27066/9/6)
4.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.8% (.ICL) Windows Icons Library (generic) (2059/9)
1.8% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
174
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
2a0e4fdc073c63e9fedbc104582d0343.exe
Verdict:
Malicious activity
Analysis date:
2023-02-01 16:03:30 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/765802c8-7433-4c7c-8b02-2ceb1ae97b34

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/359134/
Detection(s):
SecuriteInfo.com.Trojan.GenericKDZ.95862.2505.12691.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Launching a process
Searching for the window
DNS request
Sending a custom TCP request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug packed
Link:
https://www.filescan.io/uploads/63da8bd01c9cbf7d6255284a/reports/06cbff12-6656-47f4-8cbe-45246213ba7b/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f5a3c7c1-ef1d-42f6-ad3e-8e480f1f8b39
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1163371
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 796132 Sample: 1HRj8aM2TZ.exe Startdate: 01/02/2023 Architecture: WINDOWS Score: 60 21 Antivirus / Scanner detection for submitted sample 2->21 23 Multi AV Scanner detection for submitted file 2->23 7 1HRj8aM2TZ.exe 2->7         started        process3 dnsIp4 17 youtube-ui.l.google.com 172.217.23.110, 443, 49710 GOOGLEUS United States 7->17 19 www.youtube.com 7->19 25 Tries to harvest and steal browser information (history, passwords, etc) 7->25 11 cmd.exe 1 7->11         started        signatures5 process6 process7 13 conhost.exe 11->13         started        15 choice.exe 1 11->15         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ec82a15de2f6770b776c5ca7ed7b6e0deca7a17fcd6658eb952193c6a2fe2784/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-01-31 20:58:39 UTC
File Type:
PE+ (Exe)
AV detection:
20 of 39 (51.28%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5sbkcxpc6z3qw53mlst6263obxwkpil7zvtfr24vegj4nix6e6ca._file
Verdict:
malicious
Similar samples:
0a691a5ed595c40c6dea8ea3fec94961fd8522e047a4d85bb6b8adf1152560cf
33f7724e95023ea96f6d12626916a193cd9bef1598947b43605bbe12257605a7
34f29268fedfda9ca88800918939637a7f313131c6e04aebb9052f531b694c23
447ecfab4fe85b150463ef96240ae2690eae0534684af88a61b3e9fee459cd9c
5bda6b19046cc9919f8b1248384573bfdd2895df2d100eafcdf2346bc46fffb9
6511d09ada2bc11a95c06bd20abb66f450b9b2a6ed1f00c723401884ce7a2e61
6e3f1055521e01bd967f22fd68b48410342264b62cf7b7998a6686a2141d4d67
8116aab7428774d74e15738db29842052c5f1a7c6bb4259026f75872c500b022
99481f540a11c13b1e960815d8a0e7d26cac8953c98e4f2d3b76e0acb61c6fe0
e36b44fc7788dec930e5b1575172124bd2ab6dc5dd474a3779d6095b02745299
+ 237 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware stealer upx
Link:
https://tria.ge/reports/230201-tdxpjacd7w/
Behaviour
Suspicious use of WriteProcessMemory
Reads user/profile data of web browsers
UPX packed file
Unpacked files
SH256 hash:
7c36f2ad9eea97c39636fdb0ecea183ce69b3206ce095efbaec9b958c5f0c80a
MD5 hash:
fea9f5ec16f14379102a832cceee191a
SHA1 hash:
463f68c2adc343a307983c2fd416313398c99d2e
Link:
https://www.unpac.me/results/7735b409-d652-4507-b1ad-c10f75973556/
SH256 hash:
ec82a15de2f6770b776c5ca7ed7b6e0deca7a17fcd6658eb952193c6a2fe2784
MD5 hash:
2a0e4fdc073c63e9fedbc104582d0343
SHA1 hash:
3a4e8dad938f44eb7547e583edbb511fb15eb8ad
Link:
https://www.unpac.me/results/7735b409-d652-4507-b1ad-c10f75973556/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/ec82a15de2f6770b776c5ca7ed7b6e0deca7a17fcd6658eb952193c6a2fe2784

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe ec82a15de2f6770b776c5ca7ed7b6e0deca7a17fcd6658eb952193c6a2fe2784

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2516964/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/359134/

Comments