MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1cccfc83a668d9ac87ad438bc7428d7d4eb7c224e437d37d15b7e7a274468545. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1cccfc83a668d9ac87ad438bc7428d7d4eb7c224e437d37d15b7e7a274468545
SHA3-384 hash: 4bc0a3bb23173c47f99fc8d079c4fdf1e39f94f957fa33abae09b27e0d1d3d46a460c49dacb285d2e49ba356d0eef334
SHA1 hash: 871456eb92ab8d6e908135159119c5711127dc4c
MD5 hash: 59f122929a3dc1cfb09018668c13f270
humanhash: berlin-nebraska-illinois-beryllium
File name:SecuriteInfo.com.W32.AIDetect.malware2.12783.31957
Download: download sample
File size:372'224 bytes
First seen:2021-06-26 10:41:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1465dccf6e4ac51fee47e91b6181067d (2 x ArkeiStealer, 1 x FickerStealer, 1 x Smoke Loader)
ssdeep 6144:iVw8CxDFxkT6n7hrHLdEj1++p+X1mhbr4zVQNCddmOc3u2EZcskL:iqi6nVij1pAMhb82NCddmOa6b
Threatray 97 similar samples on MalwareBazaar
TLSH 20847C00AAA1C035F6F316F4997A93AC953D7EE05B6050CB52D4EAFE5A386E1EC31317
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
109
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.W32.AIDetect.malware2.12783.31957
Verdict:
Malicious activity
Analysis date:
2021-06-26 10:44:14 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/12ce120a-68dd-416d-b99c-31a288bcfb8d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/168470/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware2.12783.31957.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
DanaBot
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/0f28fe40-55da-45a1-a1eb-592256d60651
Result
Threat name:
Clipboard Hijacker
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/808448
Signature
Contains functionality to compare user and computer (likely to detect sandboxes)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Clipboard Hijacker
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1cccfc83a668d9ac87ad438bc7428d7d4eb7c224e437d37d15b7e7a274468545/
Threat name:
Win32.Trojan.Zenpak
Create hunting rule
Status:
Malicious
First seen:
2021-06-26 10:42:14 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
03659dfd8c9a7f8b300972af15621b9d67b8854cfbf66ecab15f63b1686afa2c
2884051cd64be98b26224c6cd9ba46bc6802242fdb2aabbb3dd4aa6b1eb16a78
3991ded07d37f90d15c445a0cce467a74d0e761b533815a9b7d2e82e3cd47eee
45269d3d0fbf13c80d6c496d3ee36e13808e36063bc82e3247cfc291e0f9223c
4a8de772cb047939cbac796b1461b5276e418fb33249cb4d41785ef37fa91a35
644c41a4311cb26bf1e4b1587a7c8b4e843395cadda1f9ab710a585658c829b2
809ebb3b8572da276fb521772e931faca272a61a9a05e3a3f0734be71cdcc4f9
9d98cf2a209bc4ccc92b7dc792c6f3b21c0ce1c2f7eb72498823e7a593145fea
aa703fb814c6e09c409060654ea9b5798b6a99cb0ceb25bd31bf894dc60702f5
b3daa8d8b247d807ed0619e9f246a6769aa8334f61586a2579ea4886ffca05c1
+ 87 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210626-xcxqhndlms/
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Executes dropped EXE
Unpacked files
SH256 hash:
b2a049b580ef2fe23defefd78644442329b1378213c59357fbec5e24555aac44
MD5 hash:
f9e3e8dcfbfaf22d61687c78a2ff20fa
SHA1 hash:
439731b1bf2b800c2ed8c18fcd14b8ecc25eacc9
Link:
https://www.unpac.me/results/1e6b08e0-471b-4967-b7e3-7ebeff6ff460/
SH256 hash:
1cccfc83a668d9ac87ad438bc7428d7d4eb7c224e437d37d15b7e7a274468545
MD5 hash:
59f122929a3dc1cfb09018668c13f270
SHA1 hash:
871456eb92ab8d6e908135159119c5711127dc4c
Link:
https://www.unpac.me/results/1e6b08e0-471b-4967-b7e3-7ebeff6ff460/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1cccfc83a668d9ac87ad438bc7428d7d4eb7c224e437d37d15b7e7a274468545

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 1cccfc83a668d9ac87ad438bc7428d7d4eb7c224e437d37d15b7e7a274468545

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1400216/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/168470/

Comments