MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 266772997854ffcbdb98323e3bc9f2e43faae24e8330603bc44a9c2b9d40e262. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 9
| SHA256 hash: | 266772997854ffcbdb98323e3bc9f2e43faae24e8330603bc44a9c2b9d40e262 |
|---|---|
| SHA3-384 hash: | bbe15629e56992aeababefaa9954800ab7044f57c0c3ab708ec691266b3184a56d4ad0792583307273ea75b180d947b0 |
| SHA1 hash: | 3fa7c4fc90e7b474f06e2e7e243d2384673cace4 |
| MD5 hash: | b3e31d38a6391971f8dbc44e64a49d01 |
| humanhash: | potato-papa-speaker-indigo |
| File name: | b3e31d38a6391971f8dbc44e64a49d01 |
| Download: | download sample |
| File size: | 728'064 bytes |
| First seen: | 2022-05-07 14:53:53 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | ffc63d9ecf6198940160ad003c5f8997 (1 x RedLineStealer, 1 x Stop) |
| ssdeep | 12288:jd5cqmwYnv/+GHBh7R1ZnrGR8bk1BqcyUCHV1o3pNwT:TzFav/hpRXnrGhqcyNHk3pNw |
| TLSH | T1F2F4F114BB91D039E0B611F08976C774B93E7EA2972484CF62E46BEE56346E0EC3171B |
| TrID | 39.4% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9) 29.5% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 9.9% (.EXE) Win64 Executable (generic) (10523/12/4) 6.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.7% (.EXE) Win16 NE executable (generic) (5038/12/1) |
| File icon (PE): | |
| dhash icon | b2dacabecee6baa6 (148 x RedLineStealer, 145 x Stop, 100 x Smoke Loader) |
| Reporter | |
| Tags: | 32 exe |
Intelligence
File Origin
# of uploads :
1
# of downloads :
545
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
b3e31d38a6391971f8dbc44e64a49d01
Verdict:
Malicious activity
Analysis date:
2022-05-07 14:55:34 UTC
Tags:
n/a
Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Detection(s):
Result
Verdict:
Malware
Maliciousness:
Behaviour
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Сreating synchronization primitives
Creating a window
Launching the default Windows debugger (dwwin.exe)
Searching for the window
Sending a custom TCP request
Enabling autorun by creating a file
Result
Malware family:
n/a
Score:
8/10
Tags:
n/a
Behaviour
MalwareBazaar
MeasuringTime
SystemUptime
EvasionGetTickCount
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Tags:
greyware packed ransomware
Malware family:
IntelRapid
Verdict:
Malicious
Result
Threat name:
Clipboard Hijacker
Detection:
malicious
Classification:
spyw.evad
Score:
100 / 100
Signature
Delayed program exit found
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Found stalling execution ending in API Sleep call
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Clipboard Hijacker
Behaviour
Behavior Graph:
Threat name:
Win32.Dropper.Scrop
Status:
Malicious
First seen:
2022-05-07 14:54:07 UTC
File Type:
PE (Exe)
Extracted files:
20
AV detection:
22 of 26 (84.62%)
Threat level:
3/5
Result
Malware family:
n/a
Score:
8/10
Tags:
n/a
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops startup file
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
99c036b4cedaa42c096b914851bf208de86bbd2e8055017cedf7b9a10256bbc9
MD5 hash:
f94ab634fe04f61641bada09f045f459
SHA1 hash:
7a4c66096585c04fb4c7671600dc92b14d572d0d
SH256 hash:
266772997854ffcbdb98323e3bc9f2e43faae24e8330603bc44a9c2b9d40e262
MD5 hash:
b3e31d38a6391971f8dbc44e64a49d01
SHA1 hash:
3fa7c4fc90e7b474f06e2e7e243d2384673cace4
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
exe 266772997854ffcbdb98323e3bc9f2e43faae24e8330603bc44a9c2b9d40e262
(this sample)
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.url : hxxps://bonyansoft.com/forum/chrome.exe