MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 01b44b9b3c3a6d3fc638b9a64e25ed866379539dddd9590290f71175352a9b23. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	01b44b9b3c3a6d3fc638b9a64e25ed866379539dddd9590290f71175352a9b23
SHA3-384 hash:	8ebfbd3de3b4305733a0ff2f36ea64b8b6d07b0a7102795ae213ee69ab2e1626517e06da2ee13ab7e38574d7f643b8d3
SHA1 hash:	f0c7bb55ed216940925ac0dffb8b577e89e878ae
MD5 hash:	ed89e14f431b5c9d09bb2f7a644fa984
humanhash:	delaware-triple-minnesota-one
File name:	SecuriteInfo.com.Variant.Ursu.897663.294.29535
Download:	download sample
File size:	888'320 bytes
First seen:	2020-06-11 05:50:21 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	fee5135ed0bd1fca8008eeca395fd3f3
ssdeep	24576:NdoYDcxApIVq02RUDcx/Rpi3J6K1fcCmMb8rPgtSM0RfP:NvHIVqvREcTuJH1UlMbKPgSz
Threatray	34 similar samples on MalwareBazaar
TLSH	71152335508987A3EC15CFB80632B778AFAEADB14950C77F5A04B2E6D0F52203925DF6
Reporter	SecuriteInfoCom

Intelligence

File Origin

# of uploads :

1

# of downloads :

64

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/8870/

Detection(s):

SecuriteInfo.com.Variant.Ursu.897663.294.29535.UNOFFICIAL

PUA.Win.Downloader.Firseria-6870500-0

Gathering data

Threat name:

Win32.Infostealer.ClipBanker

Status:

Malicious

First seen:

2020-06-09 23:33:49 UTC

AV detection:

24 of 29 (82.76%)

Threat level:

5/5

Verdict:

unknown

Similar samples:

2de69c2d371c790dd7977c5778e4c3cc1c9df180e8075a490e8eda4a1536bc63

34e142c3ca75844c48639cfc8f60513d23c02a65addef3bce69f5b49b34277a1

5b5eab7a12fdfc6cc39e39193b7a9020ee46e72acac70033236ef9b6b2da32c7

77b2ce43a1a7363d6c90b9b11fc05220511a868f4f8ca72cd6cbe3219f79fbdd

956a4834f9fd06b41877a81e7edb083994d53daae9739fcfb8d4f82203105414

9dfc0d127c1129cd943b1c6ea494a01b40b6b29656db9a44f3dc3231db127a0e

9fdf001f730abe9e97454ce266d79326fb6e7c02fa6f3c16a7bbf5485ef674c4

ae2ee9f58ee2c27d739190e1176d8898a49ddac0c36e392115f12309ac07e63a

b571436ef8d4284f5dabee122973c8710965a31de19f80f7a8a62cb8cea8f1d6

baa64a07d699b89e8715fe38010305c8b42fcb15384550d7cb56f44a71894490

+ 24 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

vmprotect

Link:

https://tria.ge/reports/201109-41t492r8ea/

Behaviour

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Drops startup file

Loads dropped DLL

Executes dropped EXE

VMProtect packed file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 01b44b9b3c3a6d3fc638b9a64e25ed866379539dddd9590290f71175352a9b23

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/386441/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/8870/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample