MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b919795439bfca71282fc1c6991ed0df9fbcf742a5472762d7607ff4e6c929a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0b919795439bfca71282fc1c6991ed0df9fbcf742a5472762d7607ff4e6c929a
SHA3-384 hash: 95847460f56c33d6e51b955abb85314d115a5261fc066d140ac67b1faaf81f3005c422f36554a88a82c562cc6d2e2341
SHA1 hash: d0455929fdb3756015b4714535d82aa5a8f536d0
MD5 hash: 12a52ecfadb4ed0a6abb9ec3386d8fe8
humanhash: bulldog-item-seventeen-michigan
File name:12a52ecfadb4ed0a6abb9ec3386d8fe8
Download: download sample
File size:525'312 bytes
First seen:2022-01-29 03:14:58 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e1c1bdd90e50b843e259b79571de8223 (1 x Smoke Loader, 1 x ArkeiStealer)
ssdeep 6144:b1cKjhXOmklKbTAFPS55yQAn8p7rVdRw9fCW2Xa7Kd7ITsqYigavwVfG:b1cKhXOmklYM9yM2faP2K7Kd7u7
Threatray 1 similar samples on MalwareBazaar
TLSH T11EB4E0D072C0D4B6D5413E719912EFA15BEBB831DA789907F738972E1EB33C0922635A
File icon (PE):PE icon
dhash icon fcfcb4b4b4b4d9c9 (1 x RedLineStealer)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
255
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
12a52ecfadb4ed0a6abb9ec3386d8fe8
Verdict:
No threats detected
Analysis date:
2022-01-29 03:20:44 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/a67d9f31-5317-4577-ad9c-c7a5baccfe55

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/225730/
Detection(s):
Win.Dropper.Raccoon-9916366-0
Create hunting rule

Win.Malware.Mikey-9917879-0
Create hunting rule

Win.Packed.Lockbit-9919158-0
Create hunting rule

Win.Malware.Generic-9937404-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a window
DNS request
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/5441/overview
Behaviour
MalwareBazaar
CPUID_Instruction
SystemUptime
MeasuringTime
CheckCmdLine
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
exploit greyware qbot raccoon
Link:
https://www.filescan.io/uploads/61f4b13a06e7677a19115a95/reports/4dd6492a-2da4-4b68-96d1-09b5fc14b319/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
SystemBC
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4a08f18e-4902-4a97-8b1b-2a56b47669a2
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/930080
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found stalling execution ending in API Sleep call
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0b919795439bfca71282fc1c6991ed0df9fbcf742a5472762d7607ff4e6c929a/
Threat name:
Win32.Ransomware.StopCrypt
Create hunting rule
Status:
Malicious
First seen:
2022-01-29 03:15:12 UTC
File Type:
PE (Exe)
Extracted files:
61
AV detection:
24 of 28 (85.71%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
7f998f0b351d2086150d75ae51ca411e6343f5859e55caecf6873d0e637add7f
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220129-drx98abgaq/
Unpacked files
SH256 hash:
dcff6b2d1b84390ae6780aa7f990c1bdc99be5b4211b2ad18082c28a40798baa
MD5 hash:
ff8f8d013d23ab8626d5d29778c4c826
SHA1 hash:
035a497b898b2bb6a4364cf9f4a7211c28023c3f
Link:
https://www.unpac.me/results/5508fe9e-05ce-4eab-928c-477500981ae4/
SH256 hash:
0b919795439bfca71282fc1c6991ed0df9fbcf742a5472762d7607ff4e6c929a
MD5 hash:
12a52ecfadb4ed0a6abb9ec3386d8fe8
SHA1 hash:
d0455929fdb3756015b4714535d82aa5a8f536d0
Link:
https://www.unpac.me/results/5508fe9e-05ce-4eab-928c-477500981ae4/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0b919795439bfca71282fc1c6991ed0df9fbcf742a5472762d7607ff4e6c929a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 0b919795439bfca71282fc1c6991ed0df9fbcf742a5472762d7607ff4e6c929a

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/225730/
  
URLhaus
https://urlhaus.abuse.ch/url/2012980/

Comments


Avatar
zbet commented on 2022-01-29 03:15:00 UTC

url : hxxp://5.255.100.31/imagehosting/uploads/sufile.exe