MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 efc68e9572dcd8d5bc5a55b2d2093e2f3301e7b843e7ffe1354c99c7223aa231. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 5
| SHA256 hash: | efc68e9572dcd8d5bc5a55b2d2093e2f3301e7b843e7ffe1354c99c7223aa231 |
|---|---|
| SHA3-384 hash: | 5e755e3a2312668c9c271a841185414038427aad164e0a543f3ebaf1770496bb5eb635bfdbe828602b779be8fc386d32 |
| SHA1 hash: | f03668df8bcc5218db40e597eff010a97d16fe6e |
| MD5 hash: | 3818f130979fa6b37252ef3b6b1d29b4 |
| humanhash: | monkey-snake-sweet-paris |
| File name: | 3818f130979fa6b37252ef3b6b1d29b4 |
| Download: | download sample |
| File size: | 62'976 bytes |
| First seen: | 2022-01-12 08:41:33 UTC |
| Last seen: | 2022-01-12 13:08:28 UTC |
| File type: | |
| MIME type: | application/x-dosexec |
| ssdeep | 768:fb6KMRFmWd+FJBy6cyeLLLL+2lM8ngdWXGf1rcleAKJRjc7r2D9c:mzvd+vBy6cNlM8q1sglk |
| TLSH | T12C53BB44FA792843D7B8C5FE40A641644BB926AA3594F3E84CD399DA23F1FCC8D90D1B |
| Reporter | |
| Tags: | exe |
Intelligence
File Origin
# of uploads :
3
# of downloads :
177
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
3818f130979fa6b37252ef3b6b1d29b4
Verdict:
No threats detected
Analysis date:
2022-01-12 12:59:34 UTC
Tags:
n/a
Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Result
Verdict:
Malware
Maliciousness:
Behaviour
Creating synchronization primitives
DNS request
Sending a custom TCP request
Launching a process
Creating a file
Reading critical registry keys
Creating a window
Using the Windows Management Instrumentation requests
Sending an HTTP GET request
Stealing user critical data
Unauthorized injection to a system process
Gathering data
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.spyw.evad
Score:
76 / 100
Signature
Allocates memory in foreign processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Tries to harvest and steal browser information (history, passwords, etc)
Writes to foreign memory regions
Behaviour
Behavior Graph:
Threat name:
Win64.Trojan.Generic
Status:
Suspicious
First seen:
2022-01-12 05:53:18 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
2
AV detection:
13 of 43 (30.23%)
Threat level:
5/5
Result
Malware family:
n/a
Score:
7/10
Tags:
spyware stealer
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of web browsers
Unpacked files
SHA256 hash:
efc68e9572dcd8d5bc5a55b2d2093e2f3301e7b843e7ffe1354c99c7223aa231
MD5 hash:
3818f130979fa6b37252ef3b6b1d29b4
SHA1 hash:
f03668df8bcc5218db40e597eff010a97d16fe6e
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
exe efc68e9572dcd8d5bc5a55b2d2093e2f3301e7b843e7ffe1354c99c7223aa231
(this sample)
Delivery method
Distributed via web download
url : hxxp://data-host-coin-8.com/files/1241_1641912772_2965.exe
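The entry lists four digests for the sample and a defanged (hxxp) delivery URL. The script below is an added example, not MalwareBazaar's or abuse.ch's own code: it recomputes the same four digests over a downloaded file and reports which ones match the entry, then refangs the listed URL so the host and URL can be fed to a blocklist, and defangs it again for reports. The hash values and URL are copied from the entry above; the function names, the blocklist line format and the sample bytes used in the usage section are assumptions made for this example.

```python
"""Check a downloaded sample against its MalwareBazaar entry and turn the
defanged delivery URL into usable indicators.

Added example, not MalwareBazaar's own code. Hash values and the defanged URL
are copied from the entry; everything else is assumed for illustration.
"""
from __future__ import annotations

import hashlib
import re
import sys
from urllib.parse import urlsplit, urlunsplit

# Digests copied from the MalwareBazaar entry for this sample.
ENTRY_HASHES = {
    "sha256": "efc68e9572dcd8d5bc5a55b2d2093e2f3301e7b843e7ffe1354c99c7223aa231",
    "sha3_384": "5e755e3a2312668c9c271a841185414038427aad164e0a543f3ebaf1770496bb"
                "5eb635bfdbe828602b779be8fc386d32",
    "sha1": "f03668df8bcc5218db40e597eff010a97d16fe6e",
    "md5": "3818f130979fa6b37252ef3b6b1d29b4",
}

# Defanged delivery URL exactly as listed in the entry ("hxxp" so it is not clickable).
DELIVERY_URL_DEFANGED = "hxxp://data-host-coin-8.com/files/1241_1641912772_2965.exe"


def digests(data: bytes) -> dict[str, str]:
    """Compute the four digests MalwareBazaar lists, keyed like ENTRY_HASHES."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def verify_sample(data: bytes, expected: dict[str, str]) -> dict[str, bool]:
    """Compare each digest of `data` with the entry (case-insensitive).

    One bool per algorithm: a single mismatch among four is more likely a
    transcription error in the entry than a different file, and is worth seeing.
    """
    actual = digests(data)
    return {algo: actual[algo] == expected[algo].strip().lower() for algo in expected}


def is_intact(data: bytes, expected: dict[str, str]) -> bool:
    """True only when every listed digest matches."""
    return all(verify_sample(data, expected).values())


_DEFANGED_SCHEME = re.compile(r"^hxxp(s?)://", re.IGNORECASE)


def refang(url: str) -> str:
    """Undo common defanging: hxxp(s):// -> http(s)://, [.] -> ., [:] -> :."""
    url = _DEFANGED_SCHEME.sub(lambda m: f"http{m.group(1).lower()}://", url)
    return url.replace("[.]", ".").replace("[:]", ":")


def defang(url: str) -> str:
    """Defang for reports: hxxp scheme and bracketed dots in the host part only,
    so the path (including the .exe name) stays searchable as written."""
    parts = urlsplit(refang(url))
    scheme = "hxxps" if parts.scheme == "https" else "hxxp"
    host = parts.netloc.replace(".", "[.]")
    return urlunsplit((scheme, host, parts.path, parts.query, parts.fragment))


def indicator_lines(expected: dict[str, str], defanged_url: str) -> list[str]:
    """Assumed 'type:value' blocklist format for the entry's indicators."""
    url = refang(defanged_url)
    host = urlsplit(url).hostname or ""
    return [f"sha256:{expected['sha256']}", f"domain:{host}", f"url:{url}"]


if __name__ == "__main__":
    # Usage: python check_sample.py <downloaded file>; without a path, a constructed
    # byte string stands in for the sample and therefore will not match the entry.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else b"MZ constructed stand-in"
    for algo, ok in verify_sample(data, ENTRY_HASHES).items():
        print(f"{algo:9s} {'match' if ok else 'MISMATCH'}")
    print("intact:", is_intact(data, ENTRY_HASHES))
    print("\n".join(indicator_lines(ENTRY_HASHES, DELIVERY_URL_DEFANGED)))
    print("for reports:", defang(DELIVERY_URL_DEFANGED))
```

Run it against the file obtained from the "download sample" link; every row should print `match`. The entry's SHA256 alone is enough to confirm integrity, but reporting all four makes it obvious when a hash was mistyped in a ticket or blocklist rather than the file being different.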