MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 27b6d10903852d398a72b96b736d4f9811e005bb5dc5451143584af7e0562325. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 27b6d10903852d398a72b96b736d4f9811e005bb5dc5451143584af7e0562325
SHA3-384 hash: 3e5604f6d024614ae39c9d7df4f2470c6a0c713f6078e73a8ea5fc4b137e3e53e149da5d39ad993f11054d269b716d78
SHA1 hash: 87623fad6d319c78fb5bb1d0a2055dd311f81952
MD5 hash: 5b7776f8ceacbee5f75cc0b22841efcf
humanhash: tennessee-twenty-march-black
File name:5b7776f8ceacbee5f75cc0b22841efcf.exe
Download: download sample
File size:210'432 bytes
First seen:2021-08-11 16:14:07 UTC
Last seen:2021-08-11 17:06:50 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a4e471c7fd9fdda76efc364ccf330c71 (4 x RaccoonStealer, 1 x DanaBot, 1 x RedLineStealer)
ssdeep 3072:T7XOJPOW4+oTzvAUalQM5dzlkwoplScsYh6gSVywo3c+:TJWUvAluQ7knGyHM
Threatray 267 similar samples on MalwareBazaar
TLSH T1D224BE317EBCC872D49595304422CBE42A3FFD61BA645507379836AFFEB03D1266638A
dhash icon 4839b2b0e8c38890 (105 x RaccoonStealer, 38 x Smoke Loader, 33 x RedLineStealer)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
125
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
5b7776f8ceacbee5f75cc0b22841efcf.exe
Verdict:
Malicious activity
Analysis date:
2021-08-11 16:17:05 UTC
Tags:
installer
Link:
https://app.any.run/tasks/c713c6c7-8a10-41f7-94ba-6e51b0a0957a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/178341/
Detection(s):
SecuriteInfo.com.Trojan.MulDrop18.23270.4926.21843.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %AppData% subdirectories
Launching a process
Sending a UDP request
Creating a process from a recently created file
Enabling autorun by creating a file
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
DanaBot
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/3efeaaaf-246b-4983-b51e-b8aac1974137
Result
Threat name:
Clipboard Hijacker
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/831128
Signature
Contains functionality to compare user and computer (likely to detect sandboxes)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Clipboard Hijacker
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/27b6d10903852d398a72b96b736d4f9811e005bb5dc5451143584af7e0562325/
Threat name:
Win32.Ransomware.Aicat
Create hunting rule
Status:
Malicious
First seen:
2021-08-11 14:48:46 UTC
AV detection:
20 of 28 (71.43%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0503af61fcc1260a86771eb486d9f01df5ca37f3634d248c739322dcba03ae7b
29924af043739881674c7d7ac9d2d08a5021e41484a49f28ee43d253cb9e3be7
30dbf8a38ef44fcafeb10cf5339d7e124773d1c7f33e269f1100b6c4f93a134b
4db326a2737abb2f7822cebea35e82135f7577feb6ba7f0e5657afe2a0f3d0c9
5d7545aed39d6e4579ab79537c3c8c398dd60b537a22130464d1c1151befa73c
69ac14ed2f1e37e37c70d7d60bd299703931017c43f5166055a43a651882c83d
6ef0190cda06f62044e6aed620b74d3b1c588bdafd3c491ae729b0ef25dc00a5
94d5244c6d029eff0002989cb51a3ec3167217533d3eec2f38aeee74ff5c818e
975a47f1778cdcf8055715b9351f32315ca77bb0b4c237ae473efdeec558dd7c
a0bd573a180420b6866b638039e91f90c678f83b7a40a0b3ccca68d891dafc32
+ 257 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210811-gpn9awtr5j/
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Executes dropped EXE
Unpacked files
SH256 hash:
19189d845acac54398888e27a66eb3771588bbde2080d3d3aab138053aee89e0
MD5 hash:
d850f8d4823240e54f834f85e09bd9e7
SHA1 hash:
2b7d73ebe87cf045464714074b06e756e788d05d
Link:
https://www.unpac.me/results/a0ec9cbc-98c3-4f24-81f3-3ae36c007973/
SH256 hash:
27b6d10903852d398a72b96b736d4f9811e005bb5dc5451143584af7e0562325
MD5 hash:
5b7776f8ceacbee5f75cc0b22841efcf
SHA1 hash:
87623fad6d319c78fb5bb1d0a2055dd311f81952
Link:
https://www.unpac.me/results/a0ec9cbc-98c3-4f24-81f3-3ae36c007973/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/27b6d10903852d398a72b96b736d4f9811e005bb5dc5451143584af7e0562325

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 27b6d10903852d398a72b96b736d4f9811e005bb5dc5451143584af7e0562325

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/178341/
  
URLhaus
https://urlhaus.abuse.ch/url/1524258/
  
Delivery method
Distributed via web download

Comments