MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 233a1f1dcbb679d31dab7744358b434cccabfc752baf53ba991388ced098f7c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 233a1f1dcbb679d31dab7744358b434cccabfc752baf53ba991388ced098f7c8
SHA3-384 hash: ec8027e514f51cbe515ea0a504c5bd00b8b2efb6e5118efe92fa6516ab0ab9729a74ec6cb127ce5a9ba13ec6e9174085
SHA1 hash: c4485de9561ce8fbec9847914f224148fce9ded7
MD5 hash: b880788e5f0126af825b7a6639c68e6b
humanhash: social-don-march-robin
File name:b880788e5f0126af825b7a6639c68e6b.exe
Download: download sample
File size:431'616 bytes
First seen:2021-12-07 15:26:32 UTC
Last seen:2021-12-07 16:39:54 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash bd61429d86f194f3b84d97af55b8c371 (3 x RedLineStealer, 1 x Amadey, 1 x RaccoonStealer)
ssdeep 12288:UV+xokRzzyFq1qoNecaNnBLbcxlRm7k32yTx1F+:M+xoMzyZ3rNh+/1BTLF+
Threatray 88 similar samples on MalwareBazaar
TLSH T1E794BF10E6E0D035F1F712F85AB9D368A93E7DA19B7494CB52D466EA0778AD0EC3130B
File icon (PE):PE icon
dhash icon b2dacabecee6baa6 (148 x RedLineStealer, 145 x Stop, 100 x Smoke Loader)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
134
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
233a1f1dcbb679d31dab7744358b434cccabfc752baf53ba991388ced098f7c8
Verdict:
Malicious activity
Analysis date:
2021-12-07 19:25:32 UTC
Tags:
trojan
Link:
https://app.any.run/tasks/eba81864-ff2d-4ecf-85b3-74454e3b6538

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/212198/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware1.9556.27295.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/1238/overview
Behaviour
MeasuringTime
SystemUptime
CheckCmdLine
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/61af7d484d8e6f3a5e173cc5/reports/8bb7acb5-6f6d-4022-9788-f1498324e825/overview
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f4ff83ce-5e8d-484f-99fe-39a42c667c09
Result
Threat name:
MedusaHTTP
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/903198
Signature
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Yara detected MedusaHTTP
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/233a1f1dcbb679d31dab7744358b434cccabfc752baf53ba991388ced098f7c8/
Threat name:
Win32.Ransomware.StopCrypt
Create hunting rule
Status:
Malicious
First seen:
2021-12-07 15:27:08 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
23 of 28 (82.14%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
071cd8b46610c8e896a184a0b92dcaf7770c36badbdbdf3179cbfc208084e919
0d054d4b3068ea7f877963a9be8a71581cb0396a309f65e0a95a45ac1e758d62
500fac9441ad73605875e83b17b9d116ef8e016131f7e5dc19ae0a2ebbf701ea
521ee4ebc055c938cef4592146f0db06bdc9785e06cec3137d9a6eeca4d10c51
a9dc8bc2e80847e41c306c393801632e02efcd1a516cea1104912c4ccaefa8a6
d035415df5f3a9180697a6aa8e8561e3cbc6a8c561be653247d8a93dc64c556a
e62f9557a44b5453784420d0e4b4f341a78176ee91d6cc99298bcf465c3fb943
f8daaa065a27508babcd8e898c3f1eda824531105cdcf07ceceee2fda53d5a5f
+ 78 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/211207-svrdeadga5/
Behaviour
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Unpacked files
SH256 hash:
879d4fb3080ee21ff958e9a4b98d4a1d9711c8e03f8272b2bed24b0a37e5ac64
MD5 hash:
bfd7a642e745eea5cecf70bfb4cda3f8
SHA1 hash:
ff5ae19506714f99383a614096b0f067d22cd6ae
Link:
https://www.unpac.me/results/99b813fd-732d-4e32-b83d-471901211177/
SH256 hash:
233a1f1dcbb679d31dab7744358b434cccabfc752baf53ba991388ced098f7c8
MD5 hash:
b880788e5f0126af825b7a6639c68e6b
SHA1 hash:
c4485de9561ce8fbec9847914f224148fce9ded7
Link:
https://www.unpac.me/results/99b813fd-732d-4e32-b83d-471901211177/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/233a1f1dcbb679d31dab7744358b434cccabfc752baf53ba991388ced098f7c8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/212198/

Comments