MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f90220b98550878f3056c732d437bae3026e4d7c7aa9bb733dbaa9c748cb80e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	f90220b98550878f3056c732d437bae3026e4d7c7aa9bb733dbaa9c748cb80e7
SHA3-384 hash:	731296036e20f3a972fbeefec614ff55b323d548d9b8c89def12707d5b5b203f5920242b8362cbfad5b2160a58f20a6f
SHA1 hash:	5bd7e4b0355e0c9c1f676a0a9db25589ad815c27
MD5 hash:	820aac4af4041832fd845165bd2aa9cf
humanhash:	salami-cold-fish-august
File name:	file
Download:	download sample
File size:	2'535'424 bytes
First seen:	2022-11-15 12:56:39 UTC
Last seen:	2022-11-17 10:35:48 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep	49152:lO32FWZxoXLXtTB6w+Ok6q7Tpsee/CKj6yESglizpSpM+7HT:t2QLr6w/1qxbc6yilizHI
Threatray	187 similar samples on MalwareBazaar
TLSH	T1B1C533219C2407BBD5B19CBB606567E87D38D91D4E7ECE41463CAD38D392CE883F48A6
TrID	64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12) 25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6) 4.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.8% (.EXE) OS/2 Executable (generic) (2029/13) 1.8% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter	andretavare5
Tags:	exe

andretavare5

Sample downloaded from https://vk.com/doc760750097_656120430?hash=yO2bJ4lPwzoEmPPzzFzVxJc0qbwssd7dEOzyOdyUwv4&dl=G43DANZVGAYDSNY:1668516633:09f6bX6QktHuSCGRheYc77VjOvnDTLzvurLVFVScIbc&api=1&no_preview=1#bebra10

Intelligence

File Origin

# of uploads :

1'052

# of downloads :

194

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

file

Verdict:

No threats detected

Analysis date:

2022-11-15 12:58:16 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/94b4a779-25e4-42d5-9adc-d58faf00e258

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/334304/

Detection(s):

SecuriteInfo.com.W64.Agent.EBR.gen.Eldorado.422.28216.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a custom TCP request

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-debug packed

Link:

https://www.filescan.io/uploads/63738c9f4dc24c6f80b81fd3/reports/7ce76a1d-1741-4096-bce7-da37148b8674/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/cf6b14be-e398-411c-9a18-7015d2ea69a5

Result

Threat name:

Unknown

Detection:

malicious

Classification:

spyw

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/1113786

Signature

Antivirus / Scanner detection for submitted sample

Tries to harvest and steal browser information (history, passwords, etc)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f90220b98550878f3056c732d437bae3026e4d7c7aa9bb733dbaa9c748cb80e7/

Threat name:

Win64.Infostealer.BroPass

Status:

Malicious

First seen:

2022-11-15 12:57:14 UTC

File Type:

PE+ (Exe)

AV detection:

14 of 26 (53.85%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=7ebcbomfkcdy6mcwy4znin524mbg4tl4pku3w4z5xku4osglqdtq._file

Verdict:

unknown

02c1c4241e1211580f078778611ae7c11d6f7a5bdef75cf01cbb6a5185f1c3a8

2e557bd01d811580bda017fd1d1070d56d722e7d261474f2b404410f55ec1abc

61944d63af0a88ab927fa3bfb88eadd93435c4a851c2010756819cfaa90acde1

6f6e8e9441fa7b35c0b1676a69957404081ca8a357b38a6640adb38375a7424d

75520762f93c99c79ebac6081437b0b1ebf7122b1bcc1942484ea5de8e06a1ea

77ed638394053fe4fef1486f85bac2423f392a1f5e523f9ddf3f5dec289868d8

84a04190d479e2cf0fd459258a4fd4fc4a5059f96c355172e2c230f0bd1e863b

a162a4a82e21300ea8634e03e4d7f4b186cff8b9c41e2e9c46ca0c72e97aeacb

f8a941938484a00306232e77b8af41e7f81df56e4aa9864a2b59ea8ebfbc892b

+ 177 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

spyware stealer upx

Link:

https://tria.ge/reports/221115-p6xssahg7s/

Behaviour

Suspicious use of WriteProcessMemory

Deletes itself

Reads user/profile data of web browsers

UPX packed file

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/b90c022f-5a78-4514-af27-73b880b89f38

Unpacked files

SH256 hash:

5885e72e8f48c35be4d223551e9938ba0a668247ea605e865fbf5707e1c447d3

MD5 hash:

502b410335682199e57a829a590a38f0

SHA1 hash:

961d4ca92913c612839ad41c722ab06889e1836f

Link:

https://www.unpac.me/results/dfb21626-63fa-4110-8337-3bd18aacfaac/

SH256 hash:

f90220b98550878f3056c732d437bae3026e4d7c7aa9bb733dbaa9c748cb80e7

MD5 hash:

820aac4af4041832fd845165bd2aa9cf

SHA1 hash:

5bd7e4b0355e0c9c1f676a0a9db25589ad815c27

Link:

https://www.unpac.me/results/dfb21626-63fa-4110-8337-3bd18aacfaac/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/f90220b98550878f3056c732d437bae3026e4d7c7aa9bb733dbaa9c748cb80e7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by

PrivateLoader

Delivery method

Distributed via drive-by

Cape

https://www.capesandbox.com/analysis/334304/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample