MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0d3acbc0a56b99467b21aa2eccf2d7207b0e173b8b48fcd9b81e2b66a9ae1002. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0d3acbc0a56b99467b21aa2eccf2d7207b0e173b8b48fcd9b81e2b66a9ae1002
SHA3-384 hash: 1533e846a6d621f2e71388c91f9f2dba070d6114b4e9d59eb41b4fdb40cd459ff7853f622b0b44f284eed1f178649364
SHA1 hash: 9a62a8395b41751439794ad0483b6b6e464e00ae
MD5 hash: e8f2e441853fea00dd6e1c87d3f66775
humanhash: crazy-blossom-salami-zebra
File name:e8f2e441853fea00dd6e1c87d3f66775.exe
Download: download sample
File size:4'030'195 bytes
First seen:2023-08-26 10:35:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ab9ff6e4872ea2766a5f5c6af5649e9d (20 x CryptOne, 13 x RedLineStealer, 6 x RecordBreaker)
ssdeep 98304:4J4xahbx26J9MTr2/omY1SsU6HN5mGU6w0SVu3now:4JNRJa+/omYwsZzmG3BWu3ow
Threatray 149 similar samples on MalwareBazaar
TLSH T1FD16331AB99089B1C83258794FE2D6B1192D3D606F738DDFD365365C4B302D0BB3AAA1
TrID 40.3% (.EXE) Win64 Executable (generic) (10523/12/4)
19.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
17.2% (.EXE) Win32 Executable (generic) (4505/5/1)
7.7% (.EXE) OS/2 Executable (generic) (2029/13)
7.6% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):PE icon
dhash icon 9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
286
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
e8f2e441853fea00dd6e1c87d3f66775.exe
Verdict:
Malicious activity
Analysis date:
2023-08-26 10:40:43 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/55a9e16f-f2a5-40a9-84cd-b7d9504c41e7

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
Win.Malware.Fugrafa-9938779-0
Create hunting rule

SecuriteInfo.com.Variant.Fugrafa.249470.10364.14457.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Searching for the window
Сreating synchronization primitives
Searching for synchronization primitives
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/108671/overview
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware lolbin overlay packed setupapi shdocvw shell32
Link:
https://www.filescan.io/uploads/64e9d5aa1d3a8c6c12174cbd/reports/5d69d376-0ebf-4000-87df-191e3a290ef7/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/0d3acbc0a56b99467b21aa2eccf2d7207b0e173b8b48fcd9b81e2b66a9ae1002
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/27424422-5c44-427e-93ac-c53dc05203e6
Result
Threat name:
n/a
Detection:
suspicious
Classification:
n/a
Score:
39 / 100
Link:
https://www.joesandbox.com/analysis/1297808
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0d3acbc0a56b99467b21aa2eccf2d7207b0e173b8b48fcd9b81e2b66a9ae1002/
Threat name:
ByteCode-MSIL.Backdoor.DCRat
Create hunting rule
Status:
Malicious
First seen:
2023-08-26 10:37:05 UTC
File Type:
PE (Exe)
Extracted files:
65
AV detection:
23 of 38 (60.53%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bu5mxqffnomum6zbvixmz4wxeb5q4fz3rnepzwnydyvwnknocaba._file
Verdict:
malicious
Similar samples:
023ba111fa8dccee3ae3eaff7cbab1927096fb47ee58e8983eb2a5241d4557d7
049c85c420d5b7b01316bd54cac073421f0f2a6d3af1dc6bf49a494bb9356c02
23ad77a2be48a81e4460c894c41a35db18308a8f85eb841f5bf7ae99265f7310
4d6a68af9d1de9ad0ed6dfdd5cbb0daa6341caa3798b26b3d2d111d06fc402ba
6bc2d4c7cf6c183e47b32a0a9f6802ef785f6d7938e452248e3f00b2b37162aa
70caeb1acf2902a83cc604e44bffed2b43c0698a5e101f12b6f1a6f9eeccc546
ac0512ae388edecb444eac7b61138650b05f1ab927277696aaecb73efd62776c
d664e5a74efe8bee93416258fe43fbaee485a4e1c585dcb3892c93359c48feca
f8ba98c4f7f9ccf0520492b17b56a57e69c7624e497fca78007766cdce05b947
+ 139 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230826-mnajesbd5t/
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
0d3acbc0a56b99467b21aa2eccf2d7207b0e173b8b48fcd9b81e2b66a9ae1002
MD5 hash:
e8f2e441853fea00dd6e1c87d3f66775
SHA1 hash:
9a62a8395b41751439794ad0483b6b6e464e00ae
Link:
https://www.unpac.me/results/014d9467-fc5c-47a2-9215-55c839185d6f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0d3acbc0a56b99467b21aa2eccf2d7207b0e173b8b48fcd9b81e2b66a9ae1002

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:maldoc_find_kernel32_base_method_1
Create hunting rule
Author:Didier Stevens (https://DidierStevens.com)
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 0d3acbc0a56b99467b21aa2eccf2d7207b0e173b8b48fcd9b81e2b66a9ae1002

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2261300/
  
Delivery method
Distributed via web download

Comments