MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 feee8b399acf736605f15dd1be6027d4e1f7c2538675ed4c43fc947f9e201e29. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: feee8b399acf736605f15dd1be6027d4e1f7c2538675ed4c43fc947f9e201e29
SHA3-384 hash: 8c803dfa0c42485e17a626f3db566fac615509265ee713011a115452bf4a17fff02b0bf06de87c6d4eb40d6a693b0e6e
SHA1 hash: 4a4e5e8f8a379104e107c3356fb2eedbadcef665
MD5 hash: 157c168eb5bb5ea8b1375b0834c00cb4
humanhash: twelve-golf-stream-texas
File name:157c168eb5bb5ea8b1375b0834c00cb4
Download: download sample
File size:4'997'632 bytes
First seen:2023-06-22 06:46:02 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7ece47d65941b3e72bb0a2006de482fd
ssdeep 24576:D7SRhRFO8fNz8bQCuV9suuvTo1+0+kSSJmdzCjj4GdaVcNrTR8hgW0Fuh9XFtn7p:8lfNzsQCKsuuvTFkStdzNC3R8hoe/x
Threatray 13 similar samples on MalwareBazaar
TLSH T15C36D156B3B400F8D1ABD178C9165607EBB1B415177097DB56E0CAAA2F23FE12A7F320
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon 72e0dcbab4c6e420
Reporter zbetcheckin
Tags:64 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
97
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
157c168eb5bb5ea8b1375b0834c00cb4
Verdict:
No threats detected
Analysis date:
2023-06-22 07:32:09 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/466db377-490d-4dd2-b512-ecc9c1943944

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/401561/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
DNS request
Creating a file in the %temp% directory
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/92067/overview
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
barys crypto greyware
Link:
https://www.filescan.io/uploads/6493ee3063e40cba6801af97/reports/e6767d88-cb4a-43a3-a3c3-88f741a5c16d/overview
Verdict:
Malicious
Labled as:
Barys.Generic
Link:
https://www.hybrid-analysis.com/sample/feee8b399acf736605f15dd1be6027d4e1f7c2538675ed4c43fc947f9e201e29
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/6cb818b4-75b2-4803-ae45-42296b9d3de4
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1259458
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/feee8b399acf736605f15dd1be6027d4e1f7c2538675ed4c43fc947f9e201e29/
Threat name:
Win64.Trojan.Barys
Create hunting rule
Status:
Malicious
First seen:
2023-06-19 21:45:16 UTC
File Type:
PE+ (Exe)
Extracted files:
48
AV detection:
19 of 37 (51.35%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=73xiwom2z5zwmbprlxi34ybh2tq7pqstqz262tcd7skh7hradyuq._file
Verdict:
unknown
Similar samples:
125b196d6c7adac46fb0842734dcec64c044445506f529261c3357d710ac7f28
231e3371fc3a1bcf991ca1342c7e0ae50b2128d5cfd07714b487825adbe0c002
2b0aeb438931bb39ad766baaee5675673f46684c20ad4485ed27c396f6e5dd53
5895af5f3925b4919d8891b75cc73dd70eecfd2489cab1c61a7cc12f55d9942d
8221518c5f5419483fe4f1d2b0e2a43f94d8eddb074f22c9518a2e3d74685276
8c2f279f19084c2f3e22142293aa362052d74122a46d0bcb8bed5abf3b6c697c
d6089ca4f682bbc8ed8fbb8c979f9f4b9cbd4c55a8748a8e945be3cca1b2f578
e74e9eef09f0408bc12122664feab0f172a77bda450290cb2c583a1fb09a18b7
f0c50139a7c5ba242d301b20d0fb928f96021fb0bf3e329dcd4444a75540f082
fecb0d6858bb301f1cd98d6f7c12aa675b384903d7b00471c92c6f77c987f71f
+ 3 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230622-hjns2ach84/
Unpacked files
SH256 hash:
feee8b399acf736605f15dd1be6027d4e1f7c2538675ed4c43fc947f9e201e29
MD5 hash:
157c168eb5bb5ea8b1375b0834c00cb4
SHA1 hash:
4a4e5e8f8a379104e107c3356fb2eedbadcef665
Link:
https://www.unpac.me/results/2c1e525e-3159-4408-b708-be41f645f1a1/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/feee8b399acf736605f15dd1be6027d4e1f7c2538675ed4c43fc947f9e201e29

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:meth_get_eip
Create hunting rule
Author:Willi Ballenthin

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe feee8b399acf736605f15dd1be6027d4e1f7c2538675ed4c43fc947f9e201e29

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2669311/
Cape
Cape
https://www.capesandbox.com/analysis/401561/

Comments


Avatar
zbet commented on 2023-06-22 06:46:03 UTC

url : hxxp://104.156.149.33/yes/4496FLekNjgLsdHPKRxKqWBOgKMJ.exe