MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1cdd54b1e4627c03763084b0b3064b085fe7b50de63121cdddd32dd10e0dff7a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1cdd54b1e4627c03763084b0b3064b085fe7b50de63121cdddd32dd10e0dff7a
SHA3-384 hash: 4396d3ac8100cc5afa3430ad54edbf26b46b27a8e1a8bef48ef53fda17c1a22d53b8afcb2965f9f8a7d28339ec16bc52
SHA1 hash: d4c68965794c588c75dbe526fa1d39cfbd56b5f2
MD5 hash: 1c31f27bae6ee506d36e2dc876074670
humanhash: texas-mars-eight-lactose
File name:1c31f27bae6ee506d36e2dc876074670
Download: download sample
File size:373'248 bytes
First seen:2021-08-27 20:43:45 UTC
Last seen:2021-08-27 21:50:52 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ebf21d5f80ce6d78a1158dea28ff74e3 (3 x RaccoonStealer, 2 x RedLineStealer, 2 x Smoke Loader)
ssdeep 6144:q4gRPBLT7EysmQkAK5vaitpLt2s4nMntYeu3miyS0IceWwfVRq7v6iaTIVO1yUw7:+PtHEvgpLww5WmhwVRq7v6iaTICyUJO
Threatray 239 similar samples on MalwareBazaar
TLSH T13784BE30A790C03AF5F712F449BA83B8B52D7EB1976450CF92D116EA0B346E9AC31757
dhash icon 9c6058a8f8f0e498
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
211
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
1c31f27bae6ee506d36e2dc876074670
Verdict:
Suspicious activity
Analysis date:
2021-08-27 20:46:22 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ce9a63ad-81dc-4dc8-b6f5-635849e24da6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/182980/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware1.11244.15127.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Running batch commands
Creating a process with a hidden window
Using the Windows Management Instrumentation requests
Searching for the window
Launching a tool to kill processes
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/6634b209-a1a9-4b24-a252-c1808b718f31
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/840605
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 473033 Sample: ynz2AV6jd9 Startdate: 27/08/2021 Architecture: WINDOWS Score: 52 36 Multi AV Scanner detection for submitted file 2->36 38 Machine Learning detection for sample 2->38 7 ynz2AV6jd9.exe 1 2->7         started        process3 process4 9 WerFault.exe 9 7->9         started        12 WerFault.exe 9 7->12         started        14 WerFault.exe 9 7->14         started        16 5 other processes 7->16 file5 22 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 9->22 dropped 24 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 12->24 dropped 26 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 14->26 dropped 28 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 16->28 dropped 30 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 16->30 dropped 32 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 16->32 dropped 34 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 16->34 dropped 18 taskkill.exe 1 16->18         started        20 conhost.exe 16->20         started        process6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1cdd54b1e4627c03763084b0b3064b085fe7b50de63121cdddd32dd10e0dff7a/
Threat name:
Win32.Trojan.Azorult
Create hunting rule
Status:
Malicious
First seen:
2021-08-27 20:44:06 UTC
AV detection:
13 of 43 (30.23%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
2ec6c6341ff83005a6515d942976d2092549312d419a29e59d0efb15d65749bf
463a368c85c49254ec2a84f7a042c3ec68353b7e0280ba464701ca13a7391c5b
4b027545342913b299157c8e60174c2c73bb8ae0b9a6343d4bd2d592f46092dc
67b1a7835687bf5851cf29539b2d0ce90ab30d373edfcf9ee54237026c67df33
82d6a5af89fc2c37abd8a1639195c197c83e5d883b448909ee9bdf1db25a269a
832bb287721c9ba37770ea80ae5ace489cb868ea655d022d88db12fb64106ea1
bf86597d2d10ad8d82f0af8b53cf72757094322e79e92180092aa60341b90034
c98cb5ef26c659b30d3fc26fa45b27595337d83c32405d9298d799a975b736fb
de4951605496dbd1b5e05f579b2601f45c459b9154b2c6a215517c4f8b3d0daf
fd5c970806fba1500cbb6af5328329aeb43b8de3f02d90ec5d8cd1d57711622f
+ 229 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/210827-v7b2g1b3yj/
Behaviour
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Deletes itself
Unpacked files
SH256 hash:
71ca5a92804592f2f7588b588b0c9c3c31eddd71a97d8d01f983977c47287749
MD5 hash:
66be8d88cf799cc8e25fd90e3a6a5240
SHA1 hash:
890aa1ce33c7bbe0352c7465650a50ea09ea3387
Link:
https://www.unpac.me/results/cb6160ba-cdab-40e0-b708-d2d5c232d673/
SH256 hash:
1cdd54b1e4627c03763084b0b3064b085fe7b50de63121cdddd32dd10e0dff7a
MD5 hash:
1c31f27bae6ee506d36e2dc876074670
SHA1 hash:
d4c68965794c588c75dbe526fa1d39cfbd56b5f2
Link:
https://www.unpac.me/results/cb6160ba-cdab-40e0-b708-d2d5c232d673/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1cdd54b1e4627c03763084b0b3064b085fe7b50de63121cdddd32dd10e0dff7a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 1cdd54b1e4627c03763084b0b3064b085fe7b50de63121cdddd32dd10e0dff7a

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/182980/

Comments


Avatar
zbet commented on 2021-08-27 20:43:46 UTC

url : hxxp://194.145.227.159/pub.php?pub=five/