MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f52db36593133648786002411f0fe9cde78c3fab4bbb30a628a97e17238b6b87. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f52db36593133648786002411f0fe9cde78c3fab4bbb30a628a97e17238b6b87
SHA3-384 hash: b8e500a58b06fc816faf4fb0b9a392ba20e98859ec78784c2091e5b53eccb41d6c9622ef679391db6d71fd909dc733eb
SHA1 hash: 313068a83134af1255783b97d1bf5f1dcac57c12
MD5 hash: 96830bb485ba0afad1d748c4c3371b6a
humanhash: virginia-kansas-network-paris
File name:netspeedmeter.exe
Download: download sample
File size:10'365'661 bytes
First seen:2022-11-23 18:21:34 UTC
Last seen:2022-11-23 19:33:22 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 5a594319a0d69dbc452e748bcf05892e (21 x ParallaxRAT, 20 x Gh0stRAT, 15 x NetSupport)
ssdeep 196608:b0ZW67zwSGSqzi8FXbC/w9HnDXji0YrS0o8b8VBZ8MlIiiyHhSdKgl1TPr727V00:b0ZW67zOzi7Gjji0h0oFTG8H7gXc00
Threatray 20 similar samples on MalwareBazaar
TLSH T176A6233BB2BAA13EC15A177105B3976048F77F65FC0A8C2AC7E0450DCF669E01E3A656
TrID 61.8% (.EXE) Inno Setup installer (109740/4/30)
23.4% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
5.9% (.EXE) Win64 Executable (generic) (10523/12/4)
2.5% (.EXE) Win32 Executable (generic) (4505/5/1)
1.6% (.MZP) WinArchiver Mountable compressed Archive (3000/1)
File icon (PE):PE icon
dhash icon 076979e8e861631f
Reporter Anonymous
Tags:exe FakeInstaller

Intelligence

File Origin
# of uploads :
2
# of downloads :
212
Origin country :
EC EC
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
netspeedmeter.rar
Verdict:
Malicious activity
Analysis date:
2022-11-23 18:18:25 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4dd4a849-ea65-411e-bbb1-44d676cf6c79

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/337804/
Detection(s):
SecuriteInfo.com.Win32.TrojanX-gen.31631.11148.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Searching for synchronization primitives
Searching for the window
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
overlay packed setupapi.dll shell32.dll
Link:
https://www.filescan.io/uploads/637e64cb559d07a06f470fdc/reports/ba517ce0-0b16-49fe-8f0f-6e5724541073/overview
Result
Verdict:
MALICIOUS
Malware family:
Discord
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a9765ff2-0e37-42b5-b6a9-977b81713754
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
spyw.evad
Score:
32 / 100
Link:
https://www.joesandbox.com/analysis/1119992
Signature
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Obfuscated command line found
Tries to harvest and steal browser information (history, passwords, etc)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 752709 Sample: netspeedmeter.exe Startdate: 23/11/2022 Architecture: WINDOWS Score: 32 63 www.google.com 2->63 77 Multi AV Scanner detection for dropped file 2->77 79 Multi AV Scanner detection for submitted file 2->79 11 netspeedmeter.exe 2 2->11         started        signatures3 process4 file5 53 C:\Users\user\AppData\...\netspeedmeter.tmp, PE32 11->53 dropped 83 Obfuscated command line found 11->83 15 netspeedmeter.tmp 34 33 11->15         started        signatures6 process7 file8 55 C:\...\unins000.exe (copy), PE32 15->55 dropped 57 C:\...\selenium-manager.exe (copy), PE32+ 15->57 dropped 59 C:\Program Files (x86)\...\is-VUF6U.tmp, PE32+ 15->59 dropped 61 12 other files (11 malicious) 15->61 dropped 18 Netspeedmeter.exe 15 3 15->18         started        process9 process10 20 chromedriver.exe 2 18->20         started        25 selenium-manager.exe 13 18->25         started        27 taskkill.exe 1 18->27         started        29 taskkill.exe 1 18->29         started        dnsIp11 65 127.0.0.1 unknown unknown 20->65 49 C:\Users\user\AppData\Local\...\Preferences, JSON 20->49 dropped 81 Tries to harvest and steal browser information (history, passwords, etc) 20->81 31 chrome.exe 1 20->31         started        34 conhost.exe 20->34         started        51 C:\Users\user\.cache\...\chromedriver.exe, PE32 25->51 dropped 36 cmd.exe 1 25->36         started        38 conhost.exe 25->38         started        40 conhost.exe 27->40         started        42 conhost.exe 29->42         started        file12 signatures13 process14 dnsIp15 73 192.168.2.1 unknown unknown 31->73 75 239.255.255.250 unknown Reserved 31->75 44 chrome.exe 31->44         started        47 WMIC.exe 1 36->47         started        process16 dnsIp17 67 part-0017.t-0009.fbs1-t-msedge.net 13.107.219.45, 443, 49732, 49733 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 44->67 69 part-0032.t-0009.fbs1-t-msedge.net 13.107.219.60, 443, 49747, 49751 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 44->69 71 28 other IPs or domains 44->71
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f52db36593133648786002411f0fe9cde78c3fab4bbb30a628a97e17238b6b87/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-11-23 18:22:11 UTC
File Type:
PE (Exe)
AV detection:
10 of 26 (38.46%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6uw3gzmtcm3eq6daajar6d7jzxtyyp5ljo5tbjrivf7boi4lnodq._file
Verdict:
suspicious
Similar samples:
3c044e30aac305079423fef30bd1ebf5ed96967be70f6e1526b70f6bd3cd2208
405628de6b7fd3b43d24ccb4666ac45ec67775f5f097e902103e5fbcdf52ec75
4a78da86088eed90bd838d99d1afd5ceaca6c9c521be450639670f6d06a7fe77
971725f4443df9cf72b74a296e54352bd0f91bf74517fb28980a1916f89d56e2
9fbdcf044aba61ae6c0678b5f83fc4bd8b589ba3a4fd12a5bef53e2ead494eed
b133d412502ab9654837fc898e800503003bdda51480c711838a381aecb99942
cb608822e6b4e11e81235ea5ce36b63719ad03e62f6e0ce3e654e24268f57442
f21fbc70b613bff0b36f68277ec821c2a209e1c203b1eaee021f9b748f4fb0fc
f3adfb055c94c9506a811406f5ffbb6db42dc960a8175065fb0625a62b3fcfd4
+ 10 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/221123-wzwepsdd37/
Behaviour
Suspicious use of WriteProcessMemory
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
ed6a2c414de8824ef6f42deb6e695fcf9f7f53f9280edff731c3b124b9e2e140
MD5 hash:
2e61c8f0c899a2bbf4c03f332751cbb5
SHA1 hash:
189dda1b94734592b56c6e355527f8d3e6041d9d
Link:
https://www.unpac.me/results/dc028476-e568-45be-89ac-e9d4e101ed4b/
SH256 hash:
f52db36593133648786002411f0fe9cde78c3fab4bbb30a628a97e17238b6b87
MD5 hash:
96830bb485ba0afad1d748c4c3371b6a
SHA1 hash:
313068a83134af1255783b97d1bf5f1dcac57c12
Link:
https://www.unpac.me/results/dc028476-e568-45be-89ac-e9d4e101ed4b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f52db36593133648786002411f0fe9cde78c3fab4bbb30a628a97e17238b6b87

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe f52db36593133648786002411f0fe9cde78c3fab4bbb30a628a97e17238b6b87

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/337804/

Comments