MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2056fdb66896bbbf491ea0d31c64c5937f05fe1311dab22fd1dfa933038ef65b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2056fdb66896bbbf491ea0d31c64c5937f05fe1311dab22fd1dfa933038ef65b
SHA3-384 hash: f50cd311fe89b3986cc86f831dc3c37bfeb7f2f085f6d83bb661acff934411626bd5eb0311456e03fce16be65a7cef8b
SHA1 hash: 5234bba8874bfc71fc540baa73262d4e43a5d68e
MD5 hash: 35017215e01c6b1a44e76948c0aa5ba4
humanhash: sink-artist-september-purple
File name:35017215e01c6b1a44e76948c0aa5ba4.exe
Download: download sample
File size:761'856 bytes
First seen:2021-10-03 16:24:44 UTC
Last seen:2021-10-03 16:54:48 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e1dc734f9d3fd8ffe237c21274508ba5 (4 x RedLineStealer, 2 x RaccoonStealer, 2 x ArkeiStealer)
ssdeep 12288:HYAsFS4L88u/IUvJXlGq5WGZZUcN+7Zvf1PyvEKnsy3dVZvDL6+zxF6L:HYPXL88WzlrEG+7Z1mnns4JL6L
Threatray 12 similar samples on MalwareBazaar
TLSH T11FF401193181CFF2E6B206F1AB19C3F0496CBD6E4949560F2758376E7E3D3928A22753
File icon (PE):PE icon
dhash icon fcfcd4f4d4d4d8c0 (23 x RedLineStealer, 21 x RaccoonStealer, 6 x Smoke Loader)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
35017215e01c6b1a44e76948c0aa5ba4.exe
Verdict:
Suspicious activity
Analysis date:
2021-10-03 16:27:32 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/a14df017-1e3a-45d3-99da-ad3f2ae9fccb

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/194360/
Detection(s):
SecuriteInfo.com.Trojan.Win32.Save.a.32496.30683.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/efa286a4-f3e1-4de1-8f95-a6558b7747b1
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/863456
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 495884 Sample: S8wVvHW6v0.exe Startdate: 03/10/2021 Architecture: WINDOWS Score: 52 17 Multi AV Scanner detection for submitted file 2->17 19 Machine Learning detection for sample 2->19 6 S8wVvHW6v0.exe 2->6         started        process3 process4 8 WerFault.exe 23 9 6->8         started        11 WerFault.exe 2 9 6->11         started        file5 13 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 8->13 dropped 15 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 11->15 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2056fdb66896bbbf491ea0d31c64c5937f05fe1311dab22fd1dfa933038ef65b/
Threat name:
Win32.Trojan.Fragtor
Create hunting rule
Status:
Malicious
First seen:
2021-10-03 16:25:20 UTC
AV detection:
24 of 45 (53.33%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0043de32b946e3da5bf993515848be03979a1bf019b720f4c2a1ad647f120f53
02bee4e148a2a4a9b5371d5d7db5f0a376484315c3046ab69766e6f2dc5680e7
0d165ee8e30b6716bf316118565b781b82ad87c7aff58c1907ae1e2b512f522c
21c2d5c785b09b136e5190ac486ffccf57d97dbe50115ba9361b6377bba522e6
3decf0329e1b897bb576210f182a3e9d1369613a117cb02d6e47ccaaa151c7b9
434a28e5e131dff29b239284643df2370d0f317d0a8621b682c26ec944d8889a
64a0408d8638dfdbcd61dec9899f97ea42aa898fb308edb16ec59ac85d0ec56c
dc099432b5707c7d6ed85b5e9ab475c44067f911332aae0d16b2594b1d741a41
e1d5ab87fe1bc0121e1d2e0d5523d8f24cd68040f436410bb3530ad86c385575
f46473573c1bd9372cd44c830fc7cec27f4ea9b0d49164ce7fe1f38e58094153
+ 2 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/211003-twypjsffcq/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Unpacked files
SH256 hash:
2056fdb66896bbbf491ea0d31c64c5937f05fe1311dab22fd1dfa933038ef65b
MD5 hash:
35017215e01c6b1a44e76948c0aa5ba4
SHA1 hash:
5234bba8874bfc71fc540baa73262d4e43a5d68e
Link:
https://www.unpac.me/results/6b67591a-aea4-492a-bf24-b33d1825a5f5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2056fdb66896bbbf491ea0d31c64c5937f05fe1311dab22fd1dfa933038ef65b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 2056fdb66896bbbf491ea0d31c64c5937f05fe1311dab22fd1dfa933038ef65b

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/194360/
  
URLhaus
https://urlhaus.abuse.ch/url/1584973/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1586513/

Comments