MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fbcaa0a7cbaa647906093a1eeff4914017c7d79ce6ffd5cdb0c9575428cd0697. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GCleaner


Vendor detections: 11


Intelligence 11 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fbcaa0a7cbaa647906093a1eeff4914017c7d79ce6ffd5cdb0c9575428cd0697
SHA3-384 hash: ad6d81a6bbbaf10aee93b0da25eeff16707ee15531708366e28437ea0333c79634eac3dc0daaebb20fadc099ef3fa2cc
SHA1 hash: 3f993fe3d527e5a43866f14c80c230b1b451de9f
MD5 hash: 0c2a33ae8f37c3853ab00ac2f560c498
humanhash: florida-triple-nevada-autumn
File name:file
Download: download sample
Signature GCleaner
Create hunting rule
File size:2'547'492 bytes
First seen:2022-10-18 17:18:53 UTC
Last seen:2022-10-18 17:42:09 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'445 x Socks5Systemz, 262 x RaccoonStealer)
ssdeep 49152:Z2AmS9ifgw8BiqkIY3PB36l+ReAWufCU+D1RxQ7UNT7CI1KVIsfA5hq:MU9OeiNolKeoCrDbxQOyI1KVXoDq
TLSH T13FC533827FF1CE70C062C0B2FE31B8474AB3D94D7962A555A8BCC74E4F12A919C9536B
TrID 50.3% (.EXE) Win32 Executable PowerBASIC/Win 9.x (148303/79/28)
37.2% (.EXE) Inno Setup installer (109740/4/30)
4.8% (.EXE) Win32 Executable Delphi generic (14182/79/4)
2.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
1.5% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer)
Reporter andretavare5
Tags:exe gcleaner


Avatar
andretavare5
Sample downloaded from http://95.214.24.96/load.php?pub=mixinte

Intelligence

File Origin
# of uploads :
9
# of downloads :
280
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/321460/
Detection(s):
SecuriteInfo.com.Trojan-Dropper.Win32.Agent.14403.21121.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Searching for the window
Creating a file
Moving a recently created file
Modifying a system file
Creating a file in the %AppData% subdirectories
Creating a file in the system32 subdirectories
Running batch commands
Creating a process with a hidden window
Using the Windows Management Instrumentation requests
Creating a file in the Windows subdirectories
Launching a process
Launching a tool to kill processes
Sending an HTTP GET request to an infection source
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/43683/overview
Behaviour
MalwareBazaar
CheckCmdLine
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
greyware overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/634ee00866721ebd9b2f0ba3/reports/3423e547-8055-497b-acb4-fb0daa6d87a6/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/b7e57169-87e1-420f-b5c8-8609f33e9b4f
Result
Threat name:
Nymaim
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1092932
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for dropped file
Multi AV Scanner detection for dropped file
Yara detected Nymaim
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 725554 Sample: file.exe Startdate: 18/10/2022 Architecture: WINDOWS Score: 88 47 85.31.46.167 CLOUDCOMPUTINGDE Germany 2->47 49 Antivirus detection for URL or domain 2->49 51 Detected unpacking (changes PE section rights) 2->51 53 Detected unpacking (overwrites its own PE header) 2->53 55 3 other signatures 2->55 10 file.exe 2 2->10         started        signatures3 process4 file5 31 C:\Users\user\AppData\Local\...\is-VOOP2.tmp, PE32 10->31 dropped 13 is-VOOP2.tmp 16 25 10->13         started        process6 file7 33 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 13->33 dropped 35 C:\Users\user\AppData\Local\...\_iscrypt.dll, PE32 13->35 dropped 37 C:\...\unins000.exe (copy), PE32 13->37 dropped 39 4 other files (2 malicious) 13->39 dropped 16 ehsearcher52.exe 25 13->16         started        process8 dnsIp9 41 45.15.156.54, 49692, 80 RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU Russian Federation 16->41 43 107.182.129.235, 49693, 80 META-ASUS Reserved 16->43 45 2 other IPs or domains 16->45 29 C:\Users\user\AppData\...\sgFGMunU.exe, PE32 16->29 dropped 20 sgFGMunU.exe 16->20         started        23 cmd.exe 1 16->23         started        file10 process11 signatures12 57 Multi AV Scanner detection for dropped file 20->57 25 taskkill.exe 1 23->25         started        27 conhost.exe 23->27         started        process13
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fbcaa0a7cbaa647906093a1eeff4914017c7d79ce6ffd5cdb0c9575428cd0697/
Threat name:
Win32.Trojan.Privateloader
Create hunting rule
Status:
Malicious
First seen:
2022-10-18 17:27:19 UTC
File Type:
PE (Exe)
Extracted files:
14
AV detection:
16 of 26 (61.54%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7pfkbj6lvjshsbqjhipo75erial4pv444375ltnqzflvikgna2lq._file
Verdict:
malicious
Result
Malware family:
nymaim
Create hunting rule
Score:
  10/10
Tags:
family:nymaim discovery trojan
Link:
https://tria.ge/reports/221018-vvtvmsged7/
Behaviour
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Program Files directory
Checks installed software on the system
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
NyMaim
Malware Config
C2 Extraction:
45.15.156.54
85.31.46.167
Gathering data
Unpacked files
SH256 hash:
d65f4818486d0c67797f4669002c30d75e286509f6fddf73f7726e7bc7c35133
MD5 hash:
aade8a79c3c6fade363e52140992266f
SHA1 hash:
530e63cf77c3dc6b3ffa9bb5b2235bc7a84db45b
Detections:
win_nymaim_g0
Create hunting rule
win_gcleaner_auto
Create hunting rule
Link:
https://www.unpac.me/results/548350da-48ee-4683-b527-56c945161b2b/
Parent samples :
31d3989bd568a29e211f378c9812e51ac312d4b0be152a8b4e102204dda1fd7f
e0b5db430f465421dd7bf6e65e1d7af8d93c738a61c08730b32550bdcea4b7ef
60ac20a2abc9241fce627496d762f97f630b4bdf955419298cdd6bf77900029c
613e0675b1919bad8ed8bc37299588af49df21d9ed59a9fd2403df8990619612
82f1356e783040fa038ebfcde3ad9d4068e120e943bb4cc8f920d2ce9c9c141b
989ec535169ff168e5793a52047de37d4717297c91de297b77de3fad9904660a
b7abf8943462cd445def64b9ce871625add9f5b0bfd3dde428a9913969277017
214d47a52af58142041445f02dc3f655630c6a8d0db037fed128031392db93d5
6d37e36dacd225a172443c71f3cdf8f0b1a4bd730b9c6bffb07a0e288eff49b4
0bee7da89a94e06faefe7d9e9c4e6e4be5d155415e475b85a3b3d8220d2bbcfe
b6c23d4598e647423c61da66f7856f99e9691b04fd276ebe889ba4bc6b1889f6
54c1907b755ae2da92568d370729cd060c9593933b45647461836722d373dbff
7d5ce58adc0cd8fc78d7942c92c3f8f30c3c6f316691f58d2390e88d3059b2a5
af31b1e6d6781b62d1676c5654ce0d31fb15109c2aa743eacad0225bd84799e0
4bcf0674862663419f7ee6cfaf34c00c10c0b9cad91434257f1ef47f3e639b4e
aa433f3edf029d149a2d4e8acd37ef98e8a1da14bc02b8014652ed58b5b7da68
521021d9447f4460a454c8632afac09b06687128581ab172c94dc40a6ba37b66
2bf286066267c4a5d1215a2884e09bef8e7c0d1e6decfe91a7f09907cb39414a
c299ab6dba225dab89bb803033fe4a475a1c36a8cc0d26177342c5936dba4b1a
2eabe285d6f444fc377f65f18a0c704c0ede640d3720b516d4e0dc48c01a7478
df440e30124aea35c94ecca6579ceed14e189854e052aec6dd63373136079e34
8d39d6cd2c7cdc0f2c1baa792d505842d731e4318a96ee7eafc04936bd3a37c6
7792bc80253ff25763b8df934dad4650ada9073997054e1b10ed6c1d84e327b0
8368e3e63363da33a65c80d5db5d55cb7f3ea1a89c9fb4efa44c4fc805b5c673
6aaeb6e17211c72306dca7eae1133403d229a74507e907a1182f5d2e58a7e942
847f43f151973ca8813fb725281de049150b74b94f1e89dd150cb38a5f6a88eb
05b0c8e0a2fe493e20b2c51c7edc9f997e6b71da932cc24007c0c628cae81b43
7d58635ad9c4eaa8201e00d76298105e2cb9ae6c5fa7fba1199a211cfe90ee68
3c81929fd7f7658b11f9dd8c53450620074be78f6b8b2c46acf2818354d6c6d9
6120c2cf80e60faf7c9f71ae783543891ecad367e9601081adbcfd208774efc2
72032b3f4251406aa7e9c19597b3bc6d616a481753e26119af6fcc3fd7d73e30
90f4669426bc922081776610989676cb76d964e320f587d73ebb34c14d5f6c34
b3c93e65bdc889dff4ce4f248d2c16f3d8e4160b30b90bc7531bcf39a9c568a9
9180114acac5af56f42fec98b5c8b3282ad522c8ca485e48dd8fb75dbf4d5f73
387c7945b28f68875dfa9f92d5220e83c2ce63d56c3b9c9afd7c3ba53aeec9ed
34a2e913ec0c367dcf1f5ce6982c5121ace66a171393e99da97e4a7939051e9b
669e52a4ffda746d3fa3c92db5931f1f6babae89b2a62da27fc9ae046651dc82
6674543f1d261c538508e5728d4a40d84483ee09d3bcefea2d6eae1d77d8ecb6
2e8c320b422138caabb3752124b12bbde7c2fbfad882c32cfbf70267abe56601
72c53ebfe3c105afa5cf1d7caa1cfdd1b72788477403047ef512aa2fb826dad4
abcdd16c0519662913455835eb107b8fe3d5f28818fbbd8ab39e259a1fba4462
8c28e25e78c0854397150b5a198309031ae45e40f54468dea94c661970607497
ade963e313cb7b2c6aa3c3ff09673d9982b612b998983931b6ed9ae17f1e57c1
2b835e0db8496578613e9e094068114d2fa795196c538d69a7e04eded9bf6634
4bb6c4a50abe004745551c8a19d19646fe7d53c14e9abebffc5eedfbe0ce67f8
66c4e6e073550b8a6915c6c25b89eacfa9197bbbf57e28cdb8d7f2969ea84162
586bc66a108bbb92a5bbcd1b029f08295e97dac7955db4e8838cdfb47010a8ea
ad60b2d4145563328f543fe60b1252ab77cec063ec4656c28824e20dfc5c856f
c3b94ad0e86ebe52db19e2229ef0aef94ea63b8a663f17becc880a415371d353
00ba80e30b4d3146907899fa8250a6ae98233a2b97104333095ccd5c4b004477
23ea2a227f1158d67c429582b6d255edfdbf2822e993c5e7f93d4b5853e14560
f500667e1edd8415d2577ca7ad00c7f2f6a24ed098cd74e12cb93cf946230a20
9d7ed292f0b26293878d808c66ab17a43abf9f947f1fd5b6f79c20f491ff9781
744d5dd5a52212783fa4851a007549304702f6863b50e208fd490df8b8513374
ca1726f82b65912609329d65e466452ed877e2da07115ccd4da04e62e3d72d87
41609a21e31c6079bce874ffd7f126f71c4d07348ed38214ba6bbcef5be828e2
5fe924ce0bad7a8b932c49d9f807c92fdbd3bc435bdee889cb3ff6abd745012b
210d5b79a8910c4a61c8041491337cc42489faff975acbd63b4ddea86cb12943
ce418e31af2a72754f08fd34b057eb97c6be0f2790e40792a1ced936a16da425
19e1952d70b04f774ce8b0ba38510c42b2be04ac0f4af819bdc9120859c28818
5f2922b62cbd0dd7fb58d3678c7c6a6bfa421ca556f2eb8002959f2b0dbc1b20
47fe8fb28d772fb2535feabda6131dc1bf5511398a4a1f44c33a0e8d881bf210
00b80f0290e2650a1ff6ca5ce623072ecdb475e9e268499d3d064757739b6ae4
8587a53aaaf7588dcf052c42b069e61fa384ea917cdb0d55066fb1ef94925a7e
153ce792d2efb31dc4014fff3e532e6ec6aed08586c022a5c22f9a7c5a30da6d
7b8124910b8ad5e90e890d933cc1bd6044579e43d4297c12c96c9cf4b6ada001
c2ef4f7b4f2f6522b21771d07730c3505132b7dcaded3ad3a946f3f0422681a9
aeb3c1fa86a27c6a0adf982c11afa2e04a8fa1df40dcfa7b3a7aa73630ddfed9
ef3888c08643fdad03fbb1e0390efe2c27a5a5ab0590a37e26c85ce8d78c4456
6ff32ece90f4926c0d61e6c0df0665724b6df71e38155243f7a89da05c3aaabf
b397364cd14c3911429e71e775a31df9de045211dd6fd2472819c7f3599e8cfc
5e8017b22330a163f7499518293740fa9250aa21207a25996c626e2834803ce8
4859859e2720caea8bb7f9736229ebedbb49f07e7c597b69b8f7970295f76d74
dc13277ce9732f29f3038322d51d606659e43b68dd380716799df4973bca580d
4a13754dfe66bdd25459314a67f7bd6cefb92839e5f8bb9085375b16219af854
155bc9bb71157629ccc21be6b2f9936974744d6504a7d8f25db1f16041ee4610
83303bd8432e42ddbc86aa5f2fba7b07ded48ef47ec39d42f62b410081b14090
1f4ee50260bcc14b406596a7e04f4a4557951dd59d640f6c2c8bc8b2f3ba49a0
719f0cae4febcef4dde4062ebc7a538132eed441cea31edaaba24386b6457c0d
d25b29fd1afc237962c4735521190b0df521a40da60e669ef417a864dfba46ec
7df62167be36b316efc509fb66bbea50b4285a162a451d7aa3bc7b34fae5cf72
8eca01293eecbdfc490fbd0adfec2f3d391bf858604586579e59278864731a2b
7401684d8d8286ccae47c3ce63b34a80513623b07f702780899a4670c9be4185
18f0330835e2c42b86fe2ee128f9e93118d81187b265d3ab495ff43961b0fdc3
70d2247cc2579d845ae87ccc8690d62add041269753377c19513cae968dbe45c
96d731e3eeccd16f7e02381bc437f3b0674c3b990255a813ef2f43311c5dc778
fad11d864cf50ef7f3dbe984f3b2f6449c6e09b360ced1e4c31faf4e3cfc8744
c314c252733ce1d726547d122dc8f4a7a84568b536617469b6574c0f12bcccc2
41091fe693cdb28bcf1ad2f2ada4e67cdd29d37c75aca82e0530dfdee577f8ed
8613ddffa1f57cf74edac3190da1b679e564ed36db817207763ae8fff7e89835
e802bea8c9e7e665f35d38a88081b61147d53a6c449cba599fb192359889e2f2
766f2032f0d8527d5867efe920679916125dc643c0205d8b4ce0853665f0b13d
582f92d0881a17bba2a19a4365c4a481633a04cd83e4ce5accd5f64969458327
2fefef1b0c64e6895e4b83bb760e4eabc0250b054fa68ad189c5610ae55c2804
a2f30b40e751c5ef60a38aa51c72b6023645462fc5c5c7a649dff5ca233750fe
c1918ef833342a28564109064d83775a382e68bfc45a24dda3e54b7ebb1f5d01
be6068e35725e1c2469c42a80771ae6c373f9e555d5e2c469a83e51f6d6f6b2a
34ba6966f604f300c1c029278001e816a26b0d689242975f89385a7e4932dee2
e8a8fb46cd5435eb6293cbb01784b7d4351cb482311f55bc2436603f3e95914c
291618a72c8fcc5ff05f289b1ff9248fd127e75057aa7091b070935f1405834a
5951a3e3aa9cbce0d9f7f29d079ae9053c309f8635a0ad6bc098228b895e2ca1
a2a02ec5e8cf6b543ef070562aa8c0be3bb6f8753493f9ae5dbe1c76909ec002
81d869b23005a3f1411c84210377a0760da175dc7808a75351fcadcc18ad4dcd
d729670729c51b2a406ddc20c35b6fbb856f068a7c90fbcc7171db21aef1e153
fbcaa0a7cbaa647906093a1eeff4914017c7d79ce6ffd5cdb0c9575428cd0697
fbddfbea3bbc45e61ad76d1b639eeffce13f8463582464151cf9dece45ddbc41
3025226538184802c267934f683587c28abf2d6a2bc812d34048d3798cf70b7b
cdd47b19862db65ff5ddcbfe93caa0ebb7b31388507e97313a39eccb0dab6309
bb9b9f2dd0783bc14fa05227877e4f9a34eb47e62c1afbaeeea9930b8bcb8922
e4a48d00092e9cdd95ee057231406f29e6241cf069073772d4fc0e82b0f8a6e4
aa5383824eeb7c5bbef67fd59ae5c833c86533eded463da9f005a45824adc04a
ed115f6b3e70df0fbb58cd4a14f8a670eececf1e0fb661a265fe63fa3c6361b8
276ddb78a1ccc49e7162a7659887cac0f725d9be724820c37f85c9528b3d9cd9
d30efee344417fc4bcd1afc83dad805ea735c366ff20278fe722270a6cb4d658
82896c8155031d5001a12d480ea220cdf0bd4fa7ce878629da9178acd3a752cf
4440750f1c62039c30a02a77ab88df8267585bd8541cf35a3d83a7efef3cf563
c9c70ebf4d5dfa0971549c7978dfe7f57e540c74037bb8f63e36082ef0a6b3ff
0e2845d7a15e8136483d332ac7de116460370a679511ea47493e40b599a4da0d
cd33acc8e59492a57e7879d349227caeb3d54e5ba01bebe52bd4a8658fb62680
f0288e3c55d115726c91ccf29ae3b9036118935941ba7776679bb1dbdb649d67
075108af68ecf6573b2323e024a84b5846c8a7acb3cd5b1055895299fb9b589e
2f0b97fae0866d96951e0362d5a44c8e53fc02038dca5b26e6914ac053625957
5b597bf6e86a0e395f7f7b9b7f1f0e1648ae5c313fb59a6a2923d05ec85b7c29
0a9a37b7eedf3e14d76082a47324cad48d06f69a6d6fe2d14013fe5c4ded24d1
a7b54d20b35c4d7861ba3cf09d7b3a4080531be41fa9b3a0d7e50f50c44860fb
0d5e3f08a17013bdcf882b9932f3f69a7ac1e869d70e1fdce94503543488c57b
bc5aab9d2e0b916289bac67676eb7d3d931d06e6f3a620ea812659a0ba9e2d71
c29567c17c342ee5ae4a333da12f5955cbab97c5fca1874f5675906c404a9ee8
06853902611be99ad3e18c2c31165370028f41815437dbb3d10e0c8ff15804c9
2ce64e766bac8c176ff01bb9a1fe7dffc69aae2a873aa3f0312edde76405e76e
e0df6eebfe0396d4b09adfdfd935f151a1edf6173a8800344ea01a50f79a1f44
d0d343d4ce14e2e741cbc5f78270890d7a20dad4f2ea937397a5a6f4fbbaf2a6
19855cf2c3c1cd3eddd958cccc30d22567cb44ba59b4bee30fa40531ad201137
a5c6c53a31ef4cdf04530f7550404c63c964bf7da66b3d8de707929415c1d3a5
a0e690fbdfd914c37c3ce2909ba6d4f1a74bfb05aab88471d165a620c42dd286
6114998019b82b8d06ca997ad9b2d2f282b2a2625955851720e9684586952822
1ff2edf683c2677df9f4074b5090458cd32ffba1fdd0e6056f15e5427f5e95ae
875abfbf0f9a702160b9e8f94e753478d85ca85983fd856c824e6134fd0d9764
045ed1ec8dbcb2715ed6418cf42a3366b927b24900c509eab5357e939b98d43b
a5fe1ca2f25b6dd5b5b989198e8c4ff8b97df65b02c92f43facc2da0830467d9
40055f18a8af51b644ebe2535cfb6f09dfa078210d37ae7037a1750e6dbe92cd
29e6c74d748f43f4823d51a8b913b9cdd1b4ceff92cad29437642ca951b7dad1
ea5f8b8f396dba0ada4bba7a7864acb493ea64609a84041ef3c9945d1c4484d9
846a058298eb5e6d89ccd726035f2012ad07fd989a448c69629c19225f63c8f1
8c030ac76c5418e320817ebcba5d3d2c41d09acc0053a52bba02ee62ce2615d2
d8591e3274137cbeb0226677a9a727958b9d78014a8387edb91ee5a079967a8e
9afe197cb7a50ac29cc0f6d138e96e6c44ba2b5d4f974ae0af1809e07e2fbdf8
4a64faf472ea0c1b4fc1af99f09537ee6b79e5cf2f9242508af311e8c25cf91b
SH256 hash:
dfc134e02b331affc24cecde8fd79376ffe4a1dfdb232a62a850c1611d934d2d
MD5 hash:
40bb3fb8a538d56a784480fc5ab790e7
SHA1 hash:
8eb7b4a178208345895271d4f99c79543bf4fa72
Link:
https://www.unpac.me/results/548350da-48ee-4683-b527-56c945161b2b/
SH256 hash:
72b9aa300ca36a5445e764740670e996a4abd2ca93111b8d0315dc6d97972de5
MD5 hash:
2cafc17b10138d32f1d44d9075587d2e
SHA1 hash:
4534e4685391cee8234b373eac4b2bed3d09eab6
Link:
https://www.unpac.me/results/548350da-48ee-4683-b527-56c945161b2b/
SH256 hash:
fbcaa0a7cbaa647906093a1eeff4914017c7d79ce6ffd5cdb0c9575428cd0697
MD5 hash:
0c2a33ae8f37c3853ab00ac2f560c498
SHA1 hash:
3f993fe3d527e5a43866f14c80c230b1b451de9f
Link:
https://www.unpac.me/results/548350da-48ee-4683-b527-56c945161b2b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.68
Link:
https://yomi.yoroi.company/submissions/fbcaa0a7cbaa647906093a1eeff4914017c7d79ce6ffd5cdb0c9575428cd0697

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:cobalt_strike_tmp01925d3f
Create hunting rule
Author:The DFIR Report
Description:files - file ~tmp01925d3f.exe
Reference:https://thedfirreport.com
Rule name:win_gcleaner_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.gcleaner.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
Cape
Cape
https://www.capesandbox.com/analysis/321460/
  
URLhaus
https://urlhaus.abuse.ch/url/2276314/

Comments