MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c6cfb034a82e6e4fa018dd063e7e91e47f4034248b6ad90b62219e3c367a3673. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemoteManipulator

Vendor detections: 5

Intelligence 5 File information Yara Comments

SHA256 hash:	c6cfb034a82e6e4fa018dd063e7e91e47f4034248b6ad90b62219e3c367a3673
SHA3-384 hash:	f8d1f0f5dff3500f36cb7e20bce39bc8e038b74d881b6dae1f74f3b1c773e64eb0e3fdc5d1cdc26d88e5431fc980d9fd
SHA1 hash:	e1f19599ea001f2f7ee8d336edb7b114e0ef437e
MD5 hash:	ceb5fbc654f39a7b9ea9c62eeecdfa19
humanhash:	colorado-green-burger-uranus
File name:	uxtheme.bin
Download:	download sample
Signature	RemoteManipulator Create hunting rule
File size:	47'980 bytes
First seen:	2021-02-23 08:18:13 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	a55cf28123aec4893f9cb49d5e6312dd
ssdeep	384:9wbmN5sAYR04+ePkZz3oKxpfEqTIY5Fv4iBKflxMrdFPV7PxbTEcAAPrFMQlYjL:9gAs/cZz3DfEqTIYv4gKNwFPxPe5
Threatray	34 similar samples on MalwareBazaar
TLSH	9223A4943ED49CDBEB24823D41FAC332667DB5D047534B43AA34AA320F12BE17AD5786
Reporter	@JAMESWT_MHT
Tags:	dll Remote Manipulator System RemoteManipulator

Intelligence

File Origin

# of uploads :

1

# of downloads :

70

Origin country :

IT

Mail intelligence

No data

Vendor Threat Intelligence

ID:

1

File name:

ddca8f9d05aa07e903b71aa9823252962f91d0a192b79e346f8a51f39fb9212d

Verdict:

Malicious activity

Analysis date:

2021-02-23 08:14:24 UTC

Tags:

installer

Link:

https://app.any.run/tasks/445092e4-2424-467c-bbb8-2443b80f71d4

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/118549/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a UDP request

Result

Verdict:

UNKNOWN

Link:

https://labs.inquest.net/dfi/sha256/c6cfb034a82e6e4fa018dd063e7e91e47f4034248b6ad90b62219e3c367a3673

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

clean

Classification:

n/a

Score:

2 / 100

Link:

https://www.joesandbox.com/analysis/615030

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c6cfb034a82e6e4fa018dd063e7e91e47f4034248b6ad90b62219e3c367a3673/

Threat name:

n/a

Status:

Benign

First seen:

2021-02-20 17:08:00 UTC

File Type:

PE+ (Dll)

AV detection:

1 of 48 (2.08%)

Trust factor

5/5

Detection(s):

Suspicious file

Link:

https://www.spamhaus.org/query/hash/y3h3anfifzxe7iay3udd47ur4r7uanbernvnsc3cegpdynt2gzzq._file

Verdict:

unknown

Similar samples:

17b3b5aa3ad7483c882eb08ac230aab908d9e60257e7522f29e1168448fbb376

RemoteManipulator

2dad5d31557aa1ab9e6a2fbfeaec8b7f5ad0e8a0d8d24697262c17886d50e4e1

RemoteManipulator

557e224995703583f76f1dc845412ea5556c3fbde0d597e7b243d55faae9faf4

RemoteManipulator

61d9f4cbc76b7889d7d17d262b63c0fd2ee40642653063b1eb6ab84397f8c57b

RemoteManipulator

723a84df66c3ee2f788acd1426e1a14176f1f27dba10cc842ba05acfb659615e

RemoteManipulator

830072e7fec53e05ae89b8ce190da6a63cdfa18bb3d799f5d574ff0991ef4903

RemoteManipulator

a1aad3bade2ea4105b2875cd592ef66131d3acbfffe0a83d840b863589145b1c

RemoteManipulator

d4f6faa7379c2ea077601e3adad1eaeaf204d4b0fb4164737292395fd240f0a9

RemoteManipulator

ddca8f9d05aa07e903b71aa9823252962f91d0a192b79e346f8a51f39fb9212d

RemoteManipulator

ed827edb7386de0b791a173523474f72144fe85a7122196616f3c955b1dc849f

RemoteManipulator

+ 24 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210223-kwbcneyqgn/

Unpacked files

SH256 hash:

c6cfb034a82e6e4fa018dd063e7e91e47f4034248b6ad90b62219e3c367a3673

MD5 hash:

ceb5fbc654f39a7b9ea9c62eeecdfa19

SHA1 hash:

e1f19599ea001f2f7ee8d336edb7b114e0ef437e

Link:

https://www.unpac.me/results/efa19d7c-a159-4d23-a605-d4f685470e3f/

AV coverage:

1.47%

AV detections:

1 / 68

Link:

https://www.virustotal.com/gui/file/c6cfb034a82e6e4fa018dd063e7e91e47f4034248b6ad90b62219e3c367a3673/detection/f-c6cfb034a82e6e4fa018dd063e7e91e47f4034248b6ad90b62219e3c367a3673-1614068312

Threat name:

Malicious File

Score:

1.00

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/118549/

Comments

Login required

You need to login to in order to write a comment. Login with your Twitter account.

No comments found for this malware sample