MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 033017fdce27eeca32dc3feb7ce7c2f74da2450c7c8f6654d39a7eb8f4e7d941. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 033017fdce27eeca32dc3feb7ce7c2f74da2450c7c8f6654d39a7eb8f4e7d941
SHA3-384 hash: 5f40f4934b2c5fa90fa19c6e36c9e921f2bb8db0683f680702599dcc56e24444c4c3c5e135662ab93b4afa0ce4793f36
SHA1 hash: 03402e922cbb39fe16b3e3de3af7bec52c0f6f36
MD5 hash: 92003975f7fcb0f9bcd1d7e4c20b17ce
humanhash: berlin-mountain-island-alpha
File name:92003975f7fcb0f9bcd1d7e4c20b17ce
Download: download sample
File size:532'480 bytes
First seen:2022-01-11 01:26:36 UTC
Last seen:2022-01-11 02:34:07 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ae361571986d901b567f51e2bc984a12
ssdeep 12288:8qYVRguhfjNvVGt89yqKFcL8OIWOMbNKG4I+gWxE2:8BRguhfjmGKFcL8OIW9IGWxE2
TLSH T12BB4D10273F8ABB7D10F50760F509F77646995B46F2F8A93BFC20E8D8B249825634752
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
185
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
http://212.192.246.146/cryphn.exe
Verdict:
No threats detected
Analysis date:
2022-01-11 00:31:58 UTC
Tags:
loader
Link:
https://app.any.run/tasks/ad517e6e-36a2-4a58-80f4-89bd3cc746f2

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/218086/
Detection(s):
SecuriteInfo.com.Variant.Zusy.308149.30632.22484.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Searching for the window
DNS request
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/4047/overview
Behaviour
MalwareBazaar
CursorPosition
CheckScreenResolution
CheckCmdLine
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
greyware keylogger packed shell32.dll
Link:
https://www.filescan.io/uploads/61dcdcec02e388f9fdbfa644/reports/10b0cf00-03ff-4ddb-aa75-081454850755/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/61bd16c0-6bcb-44c1-9c4e-9147be5d51a6
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/918020
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/033017fdce27eeca32dc3feb7ce7c2f74da2450c7c8f6654d39a7eb8f4e7d941/
Threat name:
Win32.Backdoor.Mokes
Create hunting rule
Status:
Malicious
First seen:
2022-01-11 01:27:10 UTC
File Type:
PE (Exe)
AV detection:
20 of 28 (71.43%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/220111-bt4hxaeha2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
033017fdce27eeca32dc3feb7ce7c2f74da2450c7c8f6654d39a7eb8f4e7d941
MD5 hash:
92003975f7fcb0f9bcd1d7e4c20b17ce
SHA1 hash:
03402e922cbb39fe16b3e3de3af7bec52c0f6f36
Link:
https://www.unpac.me/results/f561b8e8-31a7-40a1-a942-5f48f1e07ec5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.20
Link:
https://yomi.yoroi.company/submissions/033017fdce27eeca32dc3feb7ce7c2f74da2450c7c8f6654d39a7eb8f4e7d941

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 033017fdce27eeca32dc3feb7ce7c2f74da2450c7c8f6654d39a7eb8f4e7d941

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1963609/
Cape
Cape
https://www.capesandbox.com/analysis/218086/

Comments


Avatar
zbet commented on 2022-01-11 01:26:38 UTC

url : hxxp://212.192.246.146/cryphn.exe