MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ca379c11ebd765c2ce3cfffaa06598e23a52ac5e78f9e757d4f6f77311d6c8d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2ca379c11ebd765c2ce3cfffaa06598e23a52ac5e78f9e757d4f6f77311d6c8d
SHA3-384 hash: 40227bc57430d57d71e2e0dd77935993ecb2e4dd69c18e77e001eb0827a78f094ec9d5d56c11f2e3dfd30a35f576697f
SHA1 hash: c8d4f696f207652661e211db2a8d96a86fca3eb4
MD5 hash: cd0ae43b8fb61d6311259e5b1dba9a94
humanhash: sad-mars-vegan-uniform
File name:cd0ae43b8fb61d6311259e5b1dba9a94.exe
Download: download sample
File size:1'837'280 bytes
First seen:2023-07-08 08:21:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 30d1665d4c796f53fba13defcdef7cf1 (2 x Metasploit, 1 x Meterpreter)
ssdeep 49152:kWhSV4BfJXAEgbCFAIBc4DD3X8u37Grn06QTl1:kWhSeBfKEVeL4UKSj06q1
Threatray 543 similar samples on MalwareBazaar
TLSH T1008523037FC4C573C6621A325B659B216B7EF8340F60DECF5392986DA970AC097366A3
TrID 88.3% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
4.7% (.EXE) Win64 Executable (generic) (10523/12/4)
2.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
2.0% (.EXE) Win32 Executable (generic) (4505/5/1)
0.9% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon b3b3b371716b93b3 (25 x CryptOne, 12 x RemcosRAT, 6 x RedLineStealer)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
263
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
cd0ae43b8fb61d6311259e5b1dba9a94.exe
Verdict:
Suspicious activity
Analysis date:
2023-07-08 08:25:03 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ffd89cea-c8c2-4417-9b0e-bcfdd944ab0e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/411448/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.68035117.11039.31811.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Searching for the window
Сreating synchronization primitives
Searching for synchronization primitives
Creating a file in the %temp% directory
Launching a process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-vm control fauppod greyware lolbin overlay packed replace setupapi shdocvw shell32
Link:
https://www.filescan.io/uploads/64a91cab2333b198b23974aa/reports/ab35283d-4b36-4ac7-bea4-73bcc9d40156/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/2ca379c11ebd765c2ce3cfffaa06598e23a52ac5e78f9e757d4f6f77311d6c8d
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/cd633a3a-203c-4b45-9af5-1d56f846763a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2ca379c11ebd765c2ce3cfffaa06598e23a52ac5e78f9e757d4f6f77311d6c8d/
Threat name:
Win32.Trojan.InjectorX
Create hunting rule
Status:
Malicious
First seen:
2023-07-07 14:32:57 UTC
File Type:
PE (Exe)
Extracted files:
18
AV detection:
19 of 36 (52.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fsrxtqi6xv3fylhdz772ubszryr2kkwf46hz45l5j5xxomi5nsgq._file
Verdict:
malicious
Similar samples:
0a0c50dbc5d0c9811bfd0552ddd075e0e1df2cf07049cc546e41f9bf08cb8290
4508befe4b8012035c52c7aaccbe89b9f75919bdcc86feb8fe79ae01fdea8179
92b4f87f9ef64d1b37a657742438e136f72434dde1b8d30865e419534fdd8260
a040c35ef32cbe289d5bc2b8014adcb961ab3aed1e2873d1f2e335933e97927b
c4185edddd23b3eea055e7036122c20162dbe47b6b4bed05e471f01594256851
c5999e49c8ee21282c720c466cb71cff26ced8c5c03193c33b993d7deacd6bb3
cf76ac64d1038d54fa178a67712a4916e021b6b381241b44c2ceed7428ba4692
db460c5aa2fac933fb349df4a547a31a78b5d5e39f0df6bca9746a50c45ad309
+ 533 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/230708-j9j37sda92/
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Loads dropped DLL
Unpacked files
SH256 hash:
947e419b32724ac5ce819013865d88264f8577f5c4f4eaa08661abbfc63e278e
MD5 hash:
8cba94c5b5da96c84cce8de390fb7a13
SHA1 hash:
4d893f7234d144cf2cdaaf5a01b3224c7a104e29
Link:
https://www.unpac.me/results/82884b72-0b0a-4fc4-a3d8-47dfebd87fd8/
SH256 hash:
2ca379c11ebd765c2ce3cfffaa06598e23a52ac5e78f9e757d4f6f77311d6c8d
MD5 hash:
cd0ae43b8fb61d6311259e5b1dba9a94
SHA1 hash:
c8d4f696f207652661e211db2a8d96a86fca3eb4
Link:
https://www.unpac.me/results/82884b72-0b0a-4fc4-a3d8-47dfebd87fd8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2ca379c11ebd765c2ce3cfffaa06598e23a52ac5e78f9e757d4f6f77311d6c8d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 2ca379c11ebd765c2ce3cfffaa06598e23a52ac5e78f9e757d4f6f77311d6c8d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2675870/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/411448/

Comments