MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2742cfe802405a6fec11b086434a4870f493b6931fd427b8b01ca797ca80732e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2742cfe802405a6fec11b086434a4870f493b6931fd427b8b01ca797ca80732e
SHA3-384 hash: 943800d0606e822ab9d5c40ea0a7a24533e93d70e5dd6117e87aa7fb466be598319d1af8c0d144754304c36446f0de96
SHA1 hash: a308964ee8f3bf7016946d2d191cfc6fdba5e162
MD5 hash: cc001dbab8807653687d5d65d7c39f86
humanhash: double-wyoming-black-minnesota
File name:cc001dbab8807653687d5d65d7c39f86
Download: download sample
File size:123'904 bytes
First seen:2022-01-31 00:42:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7182b1ea6f92adbf459a2c65d8d4dd9e (5 x CoinMiner, 4 x RedLineStealer, 4 x DCRat)
ssdeep 3072:MV3J6kkt5h1X+HqTi0BW69hd1MMdxPe9N9uA0/+hL9TBfnPHV:ht5hBPi0BW69hd1MMdxPe9N9uA069TB1
Threatray 2 similar samples on MalwareBazaar
TLSH T1F3C3276AB2E01198DBF581F6D5920746EB7074711B15A3DB2BB863B31B2B8C58F3D390
Reporter zbetcheckin
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
169
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
cc001dbab8807653687d5d65d7c39f86
Verdict:
No threats detected
Analysis date:
2022-01-31 00:51:55 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/e65fc13e-5ede-49b2-aaad-8f337cc61d1b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/228198/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.34588367.15193.4194.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Сreating synchronization primitives
Running batch commands
Creating a process with a hidden window
Launching a process
Creating a file
DNS request
Transferring files using the Background Intelligent Transfer Service (BITS)
Sending a custom TCP request
Enabling the 'hidden' option for files in the %temp% directory
Moving a file to the %temp% subdirectory
Creating a process from a recently created file
Searching for synchronization primitives
Creating a window
Launching cmd.exe command interpreter
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/5539/overview
Behaviour
MalwareBazaar
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed shell32.dll
Link:
https://www.filescan.io/uploads/61f73099fc92af0d80a683c4/reports/892f8275-4a38-4507-bcfd-041aab502ff6/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a00a198d-03de-44ec-b2ab-af039168aabe
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
46 / 100
Link:
https://www.joesandbox.com/analysis/930615
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2742cfe802405a6fec11b086434a4870f493b6931fd427b8b01ca797ca80732e/
Threat name:
Win64.Trojan.Tiggre
Create hunting rule
Status:
Malicious
First seen:
2022-01-24 12:19:04 UTC
File Type:
PE+ (Exe)
Extracted files:
2
AV detection:
31 of 43 (72.09%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
ab364fb5736706c62b5c0b4d675d68028c10fb7ed99210e6b3bf490010cde8b0
fc1b7bced544df8bcc71b729d5574092bf2e96660498a919fcc7f420c1c0ccc7
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/220131-a2yf7addh8/
Behaviour
Creates scheduled task(s)
Delays execution with timeout.exe
Download via BitsAdmin
Modifies data under HKEY_USERS
Modifies registry class
Script User-Agent
Suspicious behavior: CmdExeWriteProcessMemorySpam
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Drops file in Windows directory
Drops file in System32 directory
Suspicious use of SetThreadContext
Loads dropped DLL
Downloads MZ/PE file
Executes dropped EXE
Suspicious use of NtCreateProcessExOtherParentProcess
Suspicious use of NtCreateUserProcessOtherParentProcess
Unpacked files
SH256 hash:
2742cfe802405a6fec11b086434a4870f493b6931fd427b8b01ca797ca80732e
MD5 hash:
cc001dbab8807653687d5d65d7c39f86
SHA1 hash:
a308964ee8f3bf7016946d2d191cfc6fdba5e162
Link:
https://www.unpac.me/results/fd71b6f0-f407-48d7-894e-77cc5492419c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.73
Link:
https://yomi.yoroi.company/submissions/2742cfe802405a6fec11b086434a4870f493b6931fd427b8b01ca797ca80732e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 2742cfe802405a6fec11b086434a4870f493b6931fd427b8b01ca797ca80732e

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2017235/
Cape
Cape
https://www.capesandbox.com/analysis/228198/

Comments


Avatar
zbet commented on 2022-01-31 00:42:48 UTC

url : hxxp://f1cheats.org/thisisthemostepicgamerurlicouldthinkof/f1cheatsnew.exe