MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 137a5389ff9078053fd119f0d45d25d25dbec4bf22cb8af943044c18804ba4b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 137a5389ff9078053fd119f0d45d25d25dbec4bf22cb8af943044c18804ba4b3
SHA3-384 hash: dea799b46477f8ed996333cac16218837b0030f7ab1d9942a0c1595f5d57b7873324137d780d23bab80fc82a1aab6059
SHA1 hash: 2d4e1b48b887def123e232ddb6382ad210b9cf94
MD5 hash: 60d7b1bba6983257835397e4f978cb98
humanhash: october-lima-alanine-south
File name:60d7b1bba6983257835397e4f978cb98.exe
Download: download sample
File size:292'352 bytes
First seen:2021-09-24 06:39:56 UTC
Last seen:2021-09-24 08:16:39 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 110da1023e5bbd9b585d5ac7f21f7aaf (4 x RedLineStealer, 2 x RaccoonStealer, 2 x Tofsee)
ssdeep 6144:H0iHZMRnpbyZPm1QqHf+wvQzzzTdvMs4q9:H0iHZMRnpbX1tl4zzzTRt
Threatray 431 similar samples on MalwareBazaar
TLSH T18C548D10B7E0C034F5B712FA49BA93A8B53E7EB16B24C5CB62D116EA56746E0DC30397
File icon (PE):PE icon
dhash icon ead8ac9cc6e68ee0 (118 x RaccoonStealer, 102 x RedLineStealer, 46 x Smoke Loader)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/191045/
Detection(s):
SecuriteInfo.com.Variant.Fragtor.24807.11838.31713.UNOFFICIAL
Create hunting rule

Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/76069f3b-4f3b-4c05-8c9f-45880c072bd4
Result
Threat name:
Clipboard Hijacker
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/857114
Signature
Contains functionality to compare user and computer (likely to detect sandboxes)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Clipboard Hijacker
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/137a5389ff9078053fd119f0d45d25d25dbec4bf22cb8af943044c18804ba4b3/
Threat name:
Win32.Trojan.Fragtor
Create hunting rule
Status:
Malicious
First seen:
2021-09-24 06:40:13 UTC
AV detection:
21 of 44 (47.73%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0fc706684891ec6501c459e2b308701d6fff7f0223782e558f1d34e492258963
4b8c4a8eac028219e9061dc6b6cf7042526a56e13c8df7ddbd301b9854b7b19a
4cd43ae99f4a8ca39cd1659b37d14b8bbe60e26fb629c2d59b39255c013c7680
94ffd442633e4f89daa381496884c649d3121e41460b9082ccea5189b89d2334
9bc7005b8ede7f8de8210326af0a50af7329ff548093b288a78e1447da20c91a
a4eba6768fa57ba46164216e7ac355741aa117c1e198592a093cf8e862ad998c
bbbfd58f79cff623722df5aab5a7d9e4d55b2e22f28bd489262bb46d6209bebb
d2dfee39028d2344853119ef7834b34f6138c822adf1ab05d5adc1634f141528
e7712697b1259ff1a3f8cbfa6435c069b4127af3316ea52aa740d5ae8cf2bd4b
eee4674c468df543473abb0c44c05535dae405d045c9dee93b7fd2baa7cb1b6c
+ 421 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210924-he9vpsgbcp/
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Executes dropped EXE
Unpacked files
SH256 hash:
8ae9d6cdc061b88aa9005d4d340ccc747cc1ba3641f28d94747b4b9f80d1e36a
MD5 hash:
49fc8236866f9a57c7e08b39a5383ed6
SHA1 hash:
57e7d9a6fc3a918f652446bd425b75b43b6610dd
Link:
https://www.unpac.me/results/9e13d048-6305-472a-8e7f-156a69466b74/
SH256 hash:
137a5389ff9078053fd119f0d45d25d25dbec4bf22cb8af943044c18804ba4b3
MD5 hash:
60d7b1bba6983257835397e4f978cb98
SHA1 hash:
2d4e1b48b887def123e232ddb6382ad210b9cf94
Link:
https://www.unpac.me/results/9e13d048-6305-472a-8e7f-156a69466b74/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/137a5389ff9078053fd119f0d45d25d25dbec4bf22cb8af943044c18804ba4b3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 137a5389ff9078053fd119f0d45d25d25dbec4bf22cb8af943044c18804ba4b3

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/191045/
  
URLhaus
https://urlhaus.abuse.ch/url/1635265/
  
Delivery method
Distributed via web download

Comments