MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 120b42155be473fa6bfdf267dcefbe0d04234ba35b2838938ef9e295c58ed976. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 120b42155be473fa6bfdf267dcefbe0d04234ba35b2838938ef9e295c58ed976
SHA3-384 hash: ffd852528d9162ab1d0151ded2e68bc284231382413cf9bcf0f126d005e560c22ec4c7a022f4b109309b776b5af54179
SHA1 hash: 357c71e4879a347363635d504fa0145db5afd6d8
MD5 hash: 50956ad88029a012ec8c6582dbf1dfd8
humanhash: leopard-march-blossom-two
File name:50956ad88029a012ec8c6582dbf1dfd8
Download: download sample
File size:607'744 bytes
First seen:2022-02-28 09:48:24 UTC
Last seen:2022-02-28 11:48:43 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash df4f8542d6039b54e6b0b354fb052e44
ssdeep 12288:vld87yIQBhXnHA8KNeFEQPCEHR+VbYikJoAmzz5:XcSPnHIREWbYx
Threatray 273 similar samples on MalwareBazaar
TLSH T125D47D22A2F0843BD1772B3DDE7796A499297F013D38984A2BD41E4C5F397817A353A3
File icon (PE):PE icon
dhash icon 399998ecd4d46c0e (572 x Quakbot, 137 x ArkeiStealer, 82 x GCleaner)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
196
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/245271/
Detection(s):
SecuriteInfo.com.ML.PE-A.30309.30057.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a window
DNS request
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/7605/overview
Behaviour
MalwareBazaar
CheckCmdLine
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
control.exe greyware keylogger
Link:
https://www.filescan.io/uploads/621c9a92dfdfa8501c6ab287/reports/35d8e8f1-688d-47b1-9db1-3b4a99d59682/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/c0fb2d81-f9bf-4211-a40f-f906d2a15fc1
Result
Threat name:
CryptOne
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/947272
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected CryptOne packer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/120b42155be473fa6bfdf267dcefbe0d04234ba35b2838938ef9e295c58ed976/
Threat name:
Win32.Trojan.Injuke
Create hunting rule
Status:
Malicious
First seen:
2022-02-28 09:49:10 UTC
File Type:
PE (Exe)
Extracted files:
38
AV detection:
17 of 28 (60.71%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
2866a252b6007fe9487d85b87ed23f6dddaf2f4f8ccc82328212985bfc6dd5d5
35da4d2933a33cb05a95e16d24ee1ff7c47472b03927b7cee7c3d912c6058c0f
64655836e407b78afb784dfb8160cd79a06756f0bfc93352da0fc2896e7fe170
82d0b593b28bf8ea4341802426affcffeb785d76fcbb8beb4e9f3e5e9b1d1bf9
99520f3ba578c0fa40d8f962e236ae08d01e4785727369c0a72e0214f7d6c682
a73d9e034ae3ed8b51b62c752ca68098bd7b9a6ea39d6dc4d22d63dca0662cbb
c544dd2476397c624cdea7975b552cf06cbfd2ec5f87e4f3ac34df5cb906eb60
cb4241399f69ba6a8b4e2297b225953b764fb41b4c27dcb3c923c0c54a51d627
d3273accb050f4707e06d9c89fb7109d1ca2b1fba99bec98b78bbbc91e0d3e5a
db8f1b1a9a20fcfe7ca21ad4fd0e90db01cdab159964e90d9bd5d37d79885b05
+ 263 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220228-ltcqasdhf9/
Unpacked files
SH256 hash:
2b87d49fc5a41bd906cab8814d43e1bb3b041ff25bac12413ce8dfa9c4b1a439
MD5 hash:
fd2e980c2ab7040d5d1a8571666a3482
SHA1 hash:
061b12e7afa764ebbda2d12644d870a642937e02
Link:
https://www.unpac.me/results/a868fc30-9c18-45c9-be3e-3fe60a29ccaf/
SH256 hash:
120b42155be473fa6bfdf267dcefbe0d04234ba35b2838938ef9e295c58ed976
MD5 hash:
50956ad88029a012ec8c6582dbf1dfd8
SHA1 hash:
357c71e4879a347363635d504fa0145db5afd6d8
Link:
https://www.unpac.me/results/a868fc30-9c18-45c9-be3e-3fe60a29ccaf/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.26
Link:
https://yomi.yoroi.company/submissions/120b42155be473fa6bfdf267dcefbe0d04234ba35b2838938ef9e295c58ed976

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 120b42155be473fa6bfdf267dcefbe0d04234ba35b2838938ef9e295c58ed976

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2066155/
Cape
Cape
https://www.capesandbox.com/analysis/245271/

Comments


Avatar
zbet commented on 2022-02-28 09:48:27 UTC

url : hxxp://91.234.99.109/Razerd.exe