Field | Value |
---|---|
Sample name | BRWgvKaqbg.exe (renamed because the original name is a hash value) |
Original sample name | c72e70f29d3dd8fa148df55e8e6dec43.exe |
Analysis ID | 1463427 |
MD5 | c72e70f29d3dd8fa148df55e8e6dec43 |
SHA1 | 2f182d43528f78d6d847b37b77da9a09a2ed1f0a |
SHA256 | baff3039b9acf97084d1b853f495026c52a4c483d010901e226beb599d23df5b |
Tags | 32, exe, trojan |
Score | 100 |
Range | 0 - 100 |
Whitelisted | false |
Confidence | 100% |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Vidar | Vidar is a stealer forked from Arkei. It appears to be one of the first stealers to collect information on 2FA software and the Tor Browser. | No Attribution | | |
zgRAT | zgRAT is a Remote Access Trojan that sometimes drops other malware such as AgentTesla. It also has an infostealer component that targets browser data and cryptocurrency wallets. It usually spreads via USB or via phishing emails with .zip/.lnk/.bat/.xlsx attachments. | No Attribution | | |
AV Detection |
---|
Source | Entries | Detail |
---|---|---|
Avira URL Cloud | 13 | |
Malware Configuration Extractor | 1 | |
Virustotal (Perma Link) | 5 | |
ReversingLabs | 16 | |
Virustotal (Perma Link) | 1 | |
ReversingLabs | 1 | |
Integrated Neural Analysis Model | 1 | |
Joe Sandbox ML | 17 | |
String decryptor | 13 | |
Code function | 5 | 2_2_004C6B00, 43_2_00407E41, 43_2_0041302D, 43_2_00407DC2, 43_2_0040AB80 |
Static PE information | 1 | |
HTTPS traffic detected | 11 | |
Static PE information | 1 | |
Binary string | 3 | |
Code function | 25 | 0_2_00589BD3, 2_2_004C6000, 2_2_004E6770, 2_2_00493F40, 2_2_00431F9C, 2_2_00432022, 2_2_004938D0, 2_2_0044FC2F, 13_2_00DB9BD3, 14_2_00639BD3, 26_2_00BE9BD3, 33_2_00C49BD3, 42_2_00449BD3, 43_2_00409FC0, 43_2_00401443, 43_2_0040E016, 43_2_0040C039, 43_2_004164C7, 43_2_0040BC98, 43_2_00416D7D, 43_2_0040D690, 43_2_0040C6B5, 43_2_004177D3, 43_2_0041738D, 43_2_004169EC |
File opened | 6 | |

Networking |
---|
Source | Entries | Detail |
---|---|---|
Snort IDS | 13 | |
URLs | 2 | |
TCP traffic | 2 | |
HTTP traffic detected | 1 | |