MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ef7127461d0a024cbdb38b1b958a40311cfc95573f77a739a89f9240e64fa522. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ef7127461d0a024cbdb38b1b958a40311cfc95573f77a739a89f9240e64fa522
SHA3-384 hash: f29e4fc6c07437e09ad0a231362bbb991d8acc9f11328b6b93dd12d58a6dd2ffefba6a24b4f3dce7949d89f9cdb8362a
SHA1 hash: 6058c30ed590c6e659f7cfe6bff4d10d84566012
MD5 hash: a6bebf44102d4d165a88455d7e236923
humanhash: oranges-virginia-white-snake
File name:a6bebf44102d4d165a88455d7e236923
Download: download sample
File size:61'189 bytes
First seen:2021-12-20 07:59:02 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 378c4792225854c10b4a5f5d67ecdbd2 (2 x ZLoader, 1 x Adware.PushWare, 1 x Adware.Generic)
ssdeep 1536:FTViOcRUBWC2jZP2ITQX5+e7ZnbHJNDmEosEJ4Az:FTUOPWC/IUJtZnbHJRmEDc4M
Threatray 2 similar samples on MalwareBazaar
TLSH T1C553AF1671C0D4FBC9A24A300A7E1F76BFF6AB15112903437BB45F897E27783892D256
File icon (PE):PE icon
dhash icon 92e0b496a6cada72 (12 x RedLineStealer, 7 x RaccoonStealer, 5 x BlankGrabber)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
117
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/215359/
Detection(s):
SecuriteInfo.com.Trojan.KillFiles.62557.1725.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a file
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Creating a process from a recently created file
Сreating synchronization primitives
Launching a process
Creating a process with a hidden window
Creating a service
Creating a file in the %AppData% subdirectories
Creating a window
Searching for the window
Modifying a system file
Creating a file in the Windows subdirectories
Query of malicious DNS domain
Enabling autorun for a service
Sending an HTTP GET request to an infection source
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/2699/overview
Behaviour
MalwareBazaar
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/61c037ca8991ba72b38e26c7/reports/d5816632-19d7-41f1-b7f7-8d5ca62a8129/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/3f143f02-2274-435b-af18-43660b49e3a5
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/910080
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Contains functionality to infect the boot sector
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ef7127461d0a024cbdb38b1b958a40311cfc95573f77a739a89f9240e64fa522/
Threat name:
Win32.Trojan.Strictor
Create hunting rule
Status:
Malicious
First seen:
2021-12-19 12:42:36 UTC
File Type:
PE (Exe)
AV detection:
23 of 27 (85.19%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
6d1e8af2aefe2c518ea4d97611e41ed3a139b87d44b5cd996682e29b16ec5815
83c31903a72e894c0c0a74bc456a9ce007991bf682f1d072905865207adc8fbf
Result
Malware family:
n/a
Score:
  10/10
Tags:
bootkit discovery evasion persistence spyware stealer trojan
Link:
https://tria.ge/reports/211220-jvd9eaaggj/
Behaviour
Checks SCSI registry key(s)
Creates scheduled task(s)
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
NSIS installer
Enumerates physical storage devices
Drops file in Program Files directory
Launches sc.exe
Checks installed software on the system
Checks whether UAC is enabled
Drops Chrome extension
Writes to the Master Boot Record (MBR)
Loads dropped DLL
Reads user/profile data of web browsers
Creates new service(s)
Downloads MZ/PE file
Executes dropped EXE
Sets DLL path for service in the registry
Registers COM server for autorun
Unpacked files
SH256 hash:
fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28
MD5 hash:
254f13dfd61c5b7d2119eb2550491e1d
SHA1 hash:
5083f6804ee3475f3698ab9e68611b0128e22fd6
Link:
https://www.unpac.me/results/00cb35fc-0ab8-41e9-b17d-0d2cdedde514/
SH256 hash:
ef7127461d0a024cbdb38b1b958a40311cfc95573f77a739a89f9240e64fa522
MD5 hash:
a6bebf44102d4d165a88455d7e236923
SHA1 hash:
6058c30ed590c6e659f7cfe6bff4d10d84566012
Link:
https://www.unpac.me/results/00cb35fc-0ab8-41e9-b17d-0d2cdedde514/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Nymaim
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/ef7127461d0a024cbdb38b1b958a40311cfc95573f77a739a89f9240e64fa522

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe ef7127461d0a024cbdb38b1b958a40311cfc95573f77a739a89f9240e64fa522

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1901183/
Cape
Cape
https://www.capesandbox.com/analysis/215359/

Comments


Avatar
zbet commented on 2021-12-20 07:59:06 UTC

url : hxxp://down.1230578.com/DTPageSet.exe