MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 06c56274fc1db5ddff596e3c3ba6e332cdb8f2329e295b1515bcc1f9493464bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Redosdru


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 06c56274fc1db5ddff596e3c3ba6e332cdb8f2329e295b1515bcc1f9493464bd
SHA3-384 hash: 556c09b7de07bf13c188ca7a23ffa43a8b4a32b3f12109a1c1b42ada8070883ad71ae7108a41824e3f8c898ce7f773c9
SHA1 hash: 7a5cb8cf87245b5fe58322ea326f2b0fef5eeac9
MD5 hash: b62139a6173c3492b4cef1570ea17d8f
humanhash: helium-red-four-double
File name:b62139a6173c3492b4cef1570ea17d8f.exe
Download: download sample
Signature Redosdru
Create hunting rule
File size:9'216 bytes
First seen:2021-07-29 15:06:14 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e78eab4985965e46cae096eee6530936 (2 x Redosdru)
ssdeep 192:ih1u/Os1q4gZe0KxfSEn+S5cPj4wMuP1oynOy:L0KZSy+1swMY1Ey
Threatray 38 similar samples on MalwareBazaar
TLSH T1551227465B5290B3F782EABA427EA7BFC96613431752EF12CB95EC900C12504F52E39F
Reporter abuse_ch
Tags:exe Redosdru

Intelligence

File Origin
# of uploads :
1
# of downloads :
156
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
b62139a6173c3492b4cef1570ea17d8f.exe
Verdict:
Malicious activity
Analysis date:
2021-07-29 15:12:51 UTC
Tags:
trojan dupzom servstart
Link:
https://app.any.run/tasks/0df75f76-1ca1-417b-bc3d-16aa73f608de

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/175074/
Detection(s):
Win.Downloader.Zegost-6484584-1
Create hunting rule

Win.Trojan.Agent-6443182-0
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Ransomware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/82ea2c86-203d-4451-a499-5d16445b12cd
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/823944
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/06c56274fc1db5ddff596e3c3ba6e332cdb8f2329e295b1515bcc1f9493464bd/
Threat name:
Win32.Backdoor.Farfli
Create hunting rule
Status:
Malicious
First seen:
2021-07-29 15:07:03 UTC
AV detection:
38 of 46 (82.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=a3cwe5h4dw25372zny6dxjxdglg3r4rstyuvwfivxta7ssjums6q._file
Verdict:
unknown
Similar samples:
420c4a968b184211b9e5e2d26b5a460229249a6fbc5a3dbdba6b5096e4903b63
Redosdru
50e90a38a2fda1a8a9c6ea93d9aafcb9a97271abf485b778a307e177e670ad4d
Redosdru
7d74db6d7705d15a9a3e25989d7c2983ff9ae2d4fbe561bc8a020c37eb3e2d3b
Redosdru
81d6978af7320d1e0631ffaa3b976b16f3475b235a9c072b88fb82dae0ad6b14
Redosdru
82c8c241387c128a1d00eb9a96ec415ccad32461600441cb9a6c9176cfebd617
Redosdru
851f2df17ce8673bc0747d4ec64b2904b3749a5e9028acbc65db70613b3e5ad5
Redosdru
9f905e04970d3c86d99ddb67052f2f948605a26891d085d1ab431a693260e155
Redosdru
b19f2c2eec099ce6116313fff9348927a979584c82338f16c4f24231100dbd4b
Redosdru
d494d1c9597021407f9167547604c663e7f70f705b5e70bfa207d346d9de7ae9
Redosdru
f2e9b563cfb903599a87072f6f36d77c02eb4a9c885e7c8da435f4f02801ad15
Redosdru
+ 28 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/210729-8pacy9nzba/
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Drops file in Program Files directory
Enumerates connected drives
Loads dropped DLL
Executes dropped EXE
UPX packed file
Unpacked files
SH256 hash:
06c56274fc1db5ddff596e3c3ba6e332cdb8f2329e295b1515bcc1f9493464bd
MD5 hash:
b62139a6173c3492b4cef1570ea17d8f
SHA1 hash:
7a5cb8cf87245b5fe58322ea326f2b0fef5eeac9
Link:
https://www.unpac.me/results/9cc90bc8-ba3f-4c30-a964-e9f3f57767f7/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/06c56274fc1db5ddff596e3c3ba6e332cdb8f2329e295b1515bcc1f9493464bd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Redosdru

Executable exe 06c56274fc1db5ddff596e3c3ba6e332cdb8f2329e295b1515bcc1f9493464bd

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1048148/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/175074/

Comments