MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 227d3c5db3775b35dd5f537583396cbbf29dba49eabc3d30c512a8c0b3565e61. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 227d3c5db3775b35dd5f537583396cbbf29dba49eabc3d30c512a8c0b3565e61
SHA3-384 hash: 90964ab10fd0e45510b252e58bb185724f502a49cd6596246cc2247dd7df935df390a1ddc449a53e58efba142f1b3ca6
SHA1 hash: bc3a3d6aaf0e64046f8ab712d7f1fbb61f579fd2
MD5 hash: 52ff5d7ff5392908012de021d5881457
humanhash: mountain-sixteen-sink-ink
File name:52ff5d7ff5392908012de021d5881457.exe
Download: download sample
File size:1'118'720 bytes
First seen:2022-03-18 08:23:32 UTC
Last seen:2022-03-18 10:22:06 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 967b12eab7dccd6c3960c6d49c9bf773 (1 x RedLineStealer)
ssdeep 24576:OHw1q4KC9W3KMHhRya4t+zIoXuz5DzDBKk/V1e:ow1QCcKMHHIzBfBf/G
Threatray 10'939 similar samples on MalwareBazaar
TLSH T1AC3523113B21C471D0A67434AC53C1AE5E1A793399B2CD4BBEB5132EA9227C0F97936F
File icon (PE):PE icon
dhash icon 5c59da3c60c3c850 (2 x RedLineStealer, 1 x Amadey, 1 x Smoke Loader)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
186
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/252323/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.48646179.24067.18130.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
Launching a process
Sending a custom TCP request
Sending an HTTP GET request
Creating a file in the %temp% directory
Сreating synchronization primitives
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Creating a process with a hidden window
Unauthorized injection to a system process
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/9667/overview
Behaviour
MeasuringTime
SystemUptime
EvasionGetTickCount
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/623441aab94fb38cb4a129f4/reports/70646ac2-c3b2-4473-9058-b43da8db1ef7/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
DanaBot
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/64e34847-2306-434f-9c9a-beb0983d797a
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/959308
Signature
Antivirus detection for URL or domain
Delayed program exit found
Machine Learning detection for sample
May use the Tor software to hide its network traffic
Multi AV Scanner detection for submitted file
Overwrites code with function prologues
Sigma detected: Suspicious Call by Ordinal
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/227d3c5db3775b35dd5f537583396cbbf29dba49eabc3d30c512a8c0b3565e61/
Threat name:
Win32.Trojan.DllCheck
Create hunting rule
Status:
Malicious
First seen:
2022-03-18 08:24:25 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
19 of 27 (70.37%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0b4784972468b114e8fb957769af4aa76d1f050ef4913296f1a3c412afa5b49e
1857c7aef05e1ea2d590a42c55fe60f910b6a7473b7f4443d03d3f46759121bd
26d64a54a7d7c19a0c9c865c6ba67a4bbda227599f1e7d79e08a570637c4ea12
4e97c34bc866c9e70fca69b0375d14534d98bccfaae683924a08328c75ab5416
90ac445f282c66552b08d176d123635537170009fa83988ce5011aef18ba5fb9
97a1dadc6e1ccaa807240649c63f175169b0badaf65be530e98ad7790d69fc1e
a229aee8edf8ebb3b5e3e418879641216f49d6e00f8358a0debd4c00ddf825e9
ae2e9d6d5487e2ff62e528faf8f1ef5a13478eb76da536b2ed737b6a4967f876
d5faba20007266314cf176b9e49ccbc35c3fd2b0982fcd73f7b5794539b42e89
+ 10'929 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
discovery suricata
Link:
https://tria.ge/reports/220318-kar57shacm/
Behaviour
Checks processor information in registry
Modifies registry class
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Drops file in Program Files directory
Suspicious use of SetThreadContext
Checks installed software on the system
Blocklisted process makes network request
suricata: ET MALWARE Danabot Key Exchange Request
Unpacked files
SH256 hash:
c020f189555c6dd2ba14902b33edde72349cc972d51c1b38be2fd837ecd55c64
MD5 hash:
20fb087d28bf366eff7d957865bddac1
SHA1 hash:
c62cc64e4852be32c54e1141eb90d76564a0c8b7
Link:
https://www.unpac.me/results/bcd05289-05b3-49f4-95df-ee283ee0b9cf/
SH256 hash:
227d3c5db3775b35dd5f537583396cbbf29dba49eabc3d30c512a8c0b3565e61
MD5 hash:
52ff5d7ff5392908012de021d5881457
SHA1 hash:
bc3a3d6aaf0e64046f8ab712d7f1fbb61f579fd2
Link:
https://www.unpac.me/results/bcd05289-05b3-49f4-95df-ee283ee0b9cf/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/227d3c5db377/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/227d3c5db3775b35dd5f537583396cbbf29dba49eabc3d30c512a8c0b3565e61

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/252323/

Comments