MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2371fc811305f14278c9d0831966fc26c928a10453e8cf61afd98787c8ece126. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2371fc811305f14278c9d0831966fc26c928a10453e8cf61afd98787c8ece126
SHA3-384 hash: 96d0739f4e7c9f821cf7341828aa427b3edad80d70c560b834975216cbac16dd12e37f8d16fdce1941d6bc46648192fe
SHA1 hash: b52bda818c6ece4ca634e773a18ed29e5d1d1021
MD5 hash: cb4fdcd11d0a7dbf394012160e1cc9aa
humanhash: mike-five-fruit-muppet
File name:cytat.exe
Download: download sample
File size:325'756 bytes
First seen:2022-02-21 12:26:15 UTC
Last seen:2022-02-21 13:54:23 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 099c0646ea7282d232219f8807883be0 (476 x Formbook, 210 x Loki, 107 x AgentTesla)
ssdeep 6144:owDNn/5h6vER+MmbsuiZ64hDeNXWLC2e8G5Xe:PB5h6Ms5ortcn2NG4
Threatray 3'449 similar samples on MalwareBazaar
TLSH T17D642322A9F5E9F2E91B20708C7B877FDA762343271A05476B688F7E15230DBD45B183
File icon (PE):PE icon
dhash icon b2a89c96a2cada72 (2'283 x Formbook, 981 x Loki, 803 x AgentTesla)
Reporter lowmal3
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
207
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/242958/
Detection(s):
SecuriteInfo.com.FakeAV.CXA.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% directory
Creating a window
Creating a process from a recently created file
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control.exe overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/6213851dac8ad0468b60c852/reports/f66b2248-d194-456b-bd0a-ce7292f1506b/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/22a452f4-b0fc-4b3b-bcd2-a819d13bf7cf
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/943219
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 575697 Sample: cytat.exe Startdate: 21/02/2022 Architecture: WINDOWS Score: 52 18 Multi AV Scanner detection for submitted file 2->18 20 Machine Learning detection for sample 2->20 7 cytat.exe 19 2->7         started        process3 file4 16 C:\Users\user\AppData\...\mvqxsrbxed.exe, PE32 7->16 dropped 10 mvqxsrbxed.exe 1 7->10         started        process5 process6 12 WerFault.exe 23 9 10->12         started        14 conhost.exe 10->14         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2371fc811305f14278c9d0831966fc26c928a10453e8cf61afd98787c8ece126/
Threat name:
Win32.Downloader.WinLnk
Create hunting rule
Status:
Malicious
First seen:
2022-02-21 12:27:10 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
14 of 27 (51.85%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=eny7zaitaxyue6gj2cbrszx4e3esriiekpum6ynp3gdypshm4eta._file
Verdict:
malicious
Similar samples:
15ad64ff3dd6133508d70bd89f0be4390a286619ad3d085f22e07ee057da0c6f
31168981af16e0fc209774a91e04e5aaf622cacbed12e970b7a35db0705174d6
4438d4e1f146212137b1c26f4d17c2f1db26883564b88cfdf0ca8436500586e9
7096f1d2fd14899772fd59c0c7108372d4159ae301b5a790a83c3b42fd366b06
94517fa5a38b384136a3027f7588daa605494dd888e4658cb89d521f5fb2d55a
effd0df81d379a3d84ca32d0c345555636736d37c144475effb2d629f5d2eca1
fcccde6b56dbe8650273f1d67957a1adc1dd0e783d43d6543da7a44696731292
ff0b124c254ddf4b3bd11079d2475ff96a1b1e3e2ab6ffe4edbc7443c02c65df
+ 3'439 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/220221-pmrgnaabe2/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Drops file in Windows directory
Loads dropped DLL
Executes dropped EXE
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
391e9c211ef526fc77c3e6a7bf41d4f58cba52cf4c20394e44b73420c36c50b3
MD5 hash:
c457910bc6b617f22f9f3c5c639292b6
SHA1 hash:
5d41e489e418ba10582272c36065569d79953884
Link:
https://www.unpac.me/results/4ae3d4bd-ba8c-4f71-b7c6-a4685e11d3b1/
SH256 hash:
2371fc811305f14278c9d0831966fc26c928a10453e8cf61afd98787c8ece126
MD5 hash:
cb4fdcd11d0a7dbf394012160e1cc9aa
SHA1 hash:
b52bda818c6ece4ca634e773a18ed29e5d1d1021
Link:
https://www.unpac.me/results/4ae3d4bd-ba8c-4f71-b7c6-a4685e11d3b1/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.48
Link:
https://yomi.yoroi.company/submissions/2371fc811305f14278c9d0831966fc26c928a10453e8cf61afd98787c8ece126

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe 2371fc811305f14278c9d0831966fc26c928a10453e8cf61afd98787c8ece126

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/242958/

Comments