MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1fc050c90aced452c084c287ee54afd79d309b0f6ae39a4cb6afcce4d1997820. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1fc050c90aced452c084c287ee54afd79d309b0f6ae39a4cb6afcce4d1997820
SHA3-384 hash: 0baf0a70f985197723500a38e109f41e1925e06fa77355057ff222b82d97ed126403e43925eb5bb328cf8b2dbae06f7d
SHA1 hash: 72880c6a5e793905a71f7a2e7d3328c311e12311
MD5 hash: ff0c1bc030125d5ecad06aadba733047
humanhash: alpha-seventeen-iowa-carolina
File name:ff0c1bc030125d5ecad06aadba733047
Download: download sample
File size:1'116'672 bytes
First seen:2022-03-15 15:18:48 UTC
Last seen:2022-04-20 10:20:13 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0bff565af25c1bc5033321ca0bc710a2 (3 x RaccoonStealer, 1 x RedLineStealer, 1 x BitRAT)
ssdeep 24576:rlKBQ/pEK0v72oDggCCq1HQC13vuoPul3GNbpS:4K0v72AHkQKxWl3G
Threatray 290 similar samples on MalwareBazaar
TLSH T15F351200F9A0D034F9B719F4097E934C6D3FBAB0572450CBA29166E966786E4ED3272B
File icon (PE):PE icon
dhash icon 2dac1378399b9b91 (35 x Smoke Loader, 34 x RedLineStealer, 18 x Amadey)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
4
# of downloads :
213
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
danabot
Create hunting rule
ID:
1
File name:
ff0c1bc030125d5ecad06aadba733047
Verdict:
Malicious activity
Analysis date:
2022-03-16 04:26:56 UTC
Tags:
trojan danabot
Link:
https://app.any.run/tasks/d78621ed-47ea-47ef-8077-f3758c8b6e34

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/250951/
Detection(s):
Win.Dropper.Generickdz-9939781-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/9336/overview
Behaviour
MalwareBazaar
CPUID_Instruction
SystemUptime
MeasuringTime
EvasionGetTickCount
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/6230ae780cd58dbd929f7255/reports/85cb0880-c98f-400c-bd06-4b5513fb8a57/overview
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
DanaBot
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4f394214-5446-4081-b811-799a3628963a
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/957190
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1fc050c90aced452c084c287ee54afd79d309b0f6ae39a4cb6afcce4d1997820/
Threat name:
Win32.Trojan.DanaBot
Create hunting rule
Status:
Malicious
First seen:
2022-03-15 15:26:11 UTC
AV detection:
23 of 27 (85.19%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
2d94d61829d259d8e5d224ca67e580aa056e7bdc13a841c6a1188b657a7c008a
63ee1526eb71b0de98c9cb03a0ba85607d67985db61fafd227a996bd3adb9c10
6be47b4e88113c1a5670018b9e6c81ce5a90677334da72fabed0af3eb4f0361b
72458cc243d77848194d37b59aa4081b974d013163899b639d7de3fc03d70a63
8119fad3b28a478680b211052a3af868e09be4cc9fd8af4d5fef720d522e22dc
9eb980a3a65d550661eea3c2de5c763af6993f4da16ffc0aa80202a48748d231
beced991de014438e5a42627fd44721a06fd4fa67b8a58319fc00eb6316169a1
c04089468922696353c3c7a044bc53491562ae6a894f77e303f2d50d41363bb4
f4f320fd3ca17e544dc33f90d02a769ecba5dec0f05cc08b9981dfc5a81900f8
+ 280 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220315-sp6wxadbd4/
Behaviour
Checks processor information in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Suspicious use of SetThreadContext
Blocklisted process makes network request
Unpacked files
SH256 hash:
71a78a1b926ee65053df2f3d2c1af46049c7504aa483d535901b6600952569e8
MD5 hash:
54b8372cb9196ce497efccae0c92302e
SHA1 hash:
a3d48ec62c26fcaede05414a5b15d11d82c7970d
Link:
https://www.unpac.me/results/90b28645-8dad-4403-a439-85bf578bfef4/
SH256 hash:
1fc050c90aced452c084c287ee54afd79d309b0f6ae39a4cb6afcce4d1997820
MD5 hash:
ff0c1bc030125d5ecad06aadba733047
SHA1 hash:
72880c6a5e793905a71f7a2e7d3328c311e12311
Link:
https://www.unpac.me/results/90b28645-8dad-4403-a439-85bf578bfef4/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/1fc050c90ace/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1fc050c90aced452c084c287ee54afd79d309b0f6ae39a4cb6afcce4d1997820

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 1fc050c90aced452c084c287ee54afd79d309b0f6ae39a4cb6afcce4d1997820

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/250951/
  
URLhaus
https://urlhaus.abuse.ch/url/2098408/

Comments


Avatar
zbet commented on 2022-03-15 15:18:49 UTC

url : hxxp://45.153.240.208/200.exe