MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 12ca4693f082107b4979a7d1ee7c880c1318b0813f3ba766dd1a52634a37738f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	12ca4693f082107b4979a7d1ee7c880c1318b0813f3ba766dd1a52634a37738f
SHA3-384 hash:	2ae673b03164ac1aff6593cd9b4851166d59f1faa260214dd66b2106849fade4aeb65c1629aeb592e30326723923cfe0
SHA1 hash:	1b4cbf9e586f1a982b10fe2abd3d15980ccaebff
MD5 hash:	65308084d64617a296f61bfc5b425bcf
humanhash:	berlin-friend-zulu-lemon
File name:	65308084d64617a296f61bfc5b425bcf.exe
Download:	download sample
File size:	4'553'216 bytes
First seen:	2022-03-03 09:39:39 UTC
Last seen:	2022-03-23 04:43:40 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	7dc28ef949f54ad98c715895ecc34cff (79 x RedLineStealer, 2 x Formbook)
ssdeep	98304:IAZ0ZkXrYXaot7QPzv5HTiEHpW4o6qwfH+rlOzN0uCv6HC6Fghj:IA8Xaot7QPzxuEg45H+rlENHCqbgx
Threatray	1'507 similar samples on MalwareBazaar
TLSH	T1DB26331721AAEB0CC51567F32317BD16EED503FD80E4C19CEA0A1946E96EEB016987FC
Reporter	abuse_ch
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

214

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/246898/

Detection(s):

PUA.Win.Packer.Asprotect-3

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Searching for synchronization primitives

Launching the default Windows debugger (dwwin.exe)

DNS request

Sending a custom TCP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/e257cdd9-48a9-4d26-80c7-f3ac846ceabc

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/950180

Signature

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

PE file has nameless sections

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/12ca4693f082107b4979a7d1ee7c880c1318b0813f3ba766dd1a52634a37738f/

Threat name:

Win32.Trojan.Fragtor

Status:

Malicious

First seen:

2022-02-16 09:28:27 UTC

File Type:

PE (Exe)

AV detection:

34 of 42 (80.95%)

Threat level:

5/5

Verdict:

malicious

1d1ad9014ce8356b997ff90266f50fb3314d7135e4cc9832128ebfa49f5b8aec

321ddd857576b83c4911d7cdd0433537bab88d70d104c57abdfe7f6acec07628

433cf9125a44e304eca2c5cf3bfe2af0b1deafd1c5e8d13d559e1bac9de711b3

5b54867f600777e8cec30c3386a3d42f08da4e1a3a4e636f135e25e2d9850603

675fb06332308b4e20c18722d71d7ac4a4fa3414cf2c93720800f52deb217542

ac50621ee130a988dc1ddc97ca8b1193249ce9a027648f482ef1b0f9cf7b2e88

c359e05e269baa3aa125ac01c91c7e577f06feaede154cf5407f6c6c96f41531

d65fdc8389357ba633919c9a52c6d6ae0568343676be45e33652ad41d665e935

df3f1453ac8a57eb0f8bcf8d36db69471d3fa754c1be5b352a9e2699d57b28c4

+ 1'497 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

n/a

Link:

https://tria.ge/reports/220303-lm8jdsach7/

Behaviour

Checks processor information in registry

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Suspicious use of NtCreateProcessExOtherParentProcess

Unpacked files

SH256 hash:

98c821fb279473f2e320b99fd1e1dcdc7769fba77856a236e774783fe222e382

MD5 hash:

3eaf0368e27116021a650a5376f09679

SHA1 hash:

c01c210569cf93028b4ff8d83e39aee2b49b7993

Link:

https://www.unpac.me/results/be3b6213-4fab-47a6-b337-de4cec6e1e6f/

SH256 hash:

12ca4693f082107b4979a7d1ee7c880c1318b0813f3ba766dd1a52634a37738f

MD5 hash:

65308084d64617a296f61bfc5b425bcf

SHA1 hash:

1b4cbf9e586f1a982b10fe2abd3d15980ccaebff

Link:

https://www.unpac.me/results/be3b6213-4fab-47a6-b337-de4cec6e1e6f/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/12ca4693f082107b4979a7d1ee7c880c1318b0813f3ba766dd1a52634a37738f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 12ca4693f082107b4979a7d1ee7c880c1318b0813f3ba766dd1a52634a37738f

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2072637/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/246898/

URLhaus

https://urlhaus.abuse.ch/url/2073409/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample