MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 03ddcadcac4df52bbf755ae997cc74076dbb6a3b6200830d2cd2af84f56f566c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: 03ddcadcac4df52bbf755ae997cc74076dbb6a3b6200830d2cd2af84f56f566c
SHA3-384 hash: 59c2e0b2d6f6bb4ae3469ce0f40143198064b02008bc5fe11ba349168f0cdc7d048422265fb9b28280383121c2765970
SHA1 hash: 3ceae58aa6f3ef8526c0a9d3d91fd508c1a37446
MD5 hash: 9356b426317cefa8a26fe1fd1aff28ab
humanhash: winter-fruit-johnny-lake
File name: 123.exe
File size: 13'367'758 bytes
First seen: 2024-04-28 16:44:27 UTC
Last seen: 2024-04-28 18:19:02 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 75e9596d74d063246ba6f3ac7c5369a0 (8 x DCRat, 5 x PythonStealer, 4 x CoinMiner)
ssdeep: 393216:yThKg4a3b1rw135q6Edfd0MTOLuyMRsaJG6HyC:yThKg4a3ho7EdKDuZvGdC
TLSH: T1FAD63352F2F050E3EAB21836027BD7A6C9B9AD500A9007D7736089BDF566B92F5307F1
TrID: 86.1% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39)
      5.3% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
      3.4% (.EXE) Win64 Executable (generic) (10523/12/4)
      1.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
      1.4% (.EXE) Win32 Executable (generic) (4504/4/1)
dhash icon: 9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter: bobross_malware2
Tags: exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 308
Origin country: US

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 03ddcadcac4df52bbf755ae997cc74076dbb6a3b6200830d2cd2af84f56f566c.exe
Verdict: Malicious activity
Analysis date: 2024-04-28 16:48:47 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:

Behaviour
Creating a window
Searching for the window
Creating synchronization primitives
Searching for synchronization primitives

Result
Verdict: MALICIOUS

Result
Threat name: n/a
Detection: clean
Classification: evad
Score: 15 / 100
Behaviour
Behavior Graph: n/a

Threat name: Win32.Trojan.Generic
Status: Malicious
First seen: 2024-04-28 16:45:07 UTC
File Type: PE (Exe)
Extracted files: 80
AV detection: 5 of 24 (20.83%)

Threat level: 2/5
Verdict: unknown

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: maldoc_find_kernel32_base_method_1
Author: Didier Stevens (https://DidierStevens.com)

Rule name: RIPEMD160_Constants
Author: phoul (@phoul)
Description: Look for RIPEMD-160 constants

Rule name: SelfExtractingRAR
Author: Xavier Mertens
Description: Detects an SFX archive with automatic script execution

Rule name: SHA1_Constants
Author: phoul (@phoul)
Description: Look for SHA1 constants

Rule name: vmdetect
Author: nex
Description: Possibly employs anti-virtualization techniques

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID: CHECK_AUTHENTICODE
Title: Missing Authenticode
Severity: high

ID: CHECK_DLL_CHARACTERISTICS
Title: Missing dll Security Characteristics (HIGH_ENTROPY_VA)
Severity: high

Reviews

ID: GDI_PLUS_API
Capabilities: Interfaces with Graphics
Evidence: gdiplus.dll::GdiplusStartup, gdiplus.dll::GdiplusShutdown, gdiplus.dll::GdipAlloc

ID: WIN32_PROCESS_API
Capabilities: Can Create Process and Threads
Evidence: KERNEL32.dll::CloseHandle, KERNEL32.dll::CreateThread

ID: WIN_BASE_API
Capabilities: Uses Win Base API
Evidence: KERNEL32.dll::TerminateProcess, KERNEL32.dll::LoadLibraryW, KERNEL32.dll::LoadLibraryExA, KERNEL32.dll::LoadLibraryExW, KERNEL32.dll::GetSystemInfo, KERNEL32.dll::GetStartupInfoW

ID: WIN_BASE_EXEC_API
Capabilities: Can Execute other programs
Evidence: KERNEL32.dll::AllocConsole, KERNEL32.dll::AttachConsole, KERNEL32.dll::WriteConsoleW, KERNEL32.dll::FreeConsole, KERNEL32.dll::SetStdHandle, KERNEL32.dll::GetConsoleMode, KERNEL32.dll::GetConsoleCP

ID: WIN_BASE_IO_API
Capabilities: Can Create Files
Evidence: KERNEL32.dll::CreateDirectoryW, KERNEL32.dll::CreateHardLinkW, KERNEL32.dll::CreateFileW, KERNEL32.dll::CreateFileMappingW, KERNEL32.dll::DeleteFileW, KERNEL32.dll::MoveFileW, KERNEL32.dll::MoveFileExW

Comments