MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2fb1cb5c89b04385b88b2b254602c0706c6d0530f7433ad4586000bfcbf73507. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2fb1cb5c89b04385b88b2b254602c0706c6d0530f7433ad4586000bfcbf73507
SHA3-384 hash: e477e11e23f8b4dd86afb11af78bd9e54591a3888c1338d9d704f3c28b0e611d35bfe7ec250817b0d112e5c8155145a1
SHA1 hash: 2a85bdd1c30e40d12329663aaa92d45c47f88672
MD5 hash: 2f672c28d4d6c7009476ff8ab523cdbf
humanhash: winner-sixteen-jupiter-michigan
File name:2f672c28d4d6c7009476ff8ab523cdbf
Download: download sample
File size:415'232 bytes
First seen:2021-08-22 22:53:25 UTC
Last seen:2021-08-22 23:58:35 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0651d9dcd3efcdffaff927d730c581e7 (3 x Amadey, 2 x RaccoonStealer, 2 x RedLineStealer)
ssdeep 6144:sVWyaVJA/zSukdI2BT8OhuOw+4P4gtnnggz3cdV2fORtvK1NPkmuXIYR7:DFV+rSut2BT7QnR1nnz0YfKSMmuXI8
Threatray 8 similar samples on MalwareBazaar
TLSH T1C994D024BBA1C034F5F712F559B683B8792979B1AB3440CB62D516EE06387E8DC313A7
dhash icon ead8a89cc6e68ea0 (25 x RaccoonStealer, 8 x DanaBot, 8 x RedLineStealer)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
100
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
2f672c28d4d6c7009476ff8ab523cdbf
Verdict:
Malicious activity
Analysis date:
2021-08-22 22:56:35 UTC
Tags:
trojan
Link:
https://app.any.run/tasks/c1554f81-915b-4fa3-9232-73f08f540424

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
zeus
Create hunting rule
Link:
https://www.capesandbox.com/analysis/181314/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen3.2354.11101.30363.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Launching the default Windows debugger (dwwin.exe)
Creating a process from a recently created file
Creating a window
Connection attempt
Sending an HTTP GET request
Sending a UDP request
Deleting of the original file
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/93583cca-58dd-4e3d-bea3-604d5e9e5436
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/837175
Signature
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 469606 Sample: xqZ6MGMcgw Startdate: 23/08/2021 Architecture: WINDOWS Score: 64 44 Multi AV Scanner detection for submitted file 2->44 46 Machine Learning detection for sample 2->46 7 xqZ6MGMcgw.exe 3 2->7         started        process3 file4 28 C:\ProgramData\YpuCcrbYeH.exe, PE32 7->28 dropped 30 C:\...\YpuCcrbYeH.exe:Zone.Identifier, ASCII 7->30 dropped 10 YpuCcrbYeH.exe 12 7->10         started        13 WerFault.exe 9 7->13         started        16 WerFault.exe 9 7->16         started        18 4 other processes 7->18 process5 file6 48 Multi AV Scanner detection for dropped file 10->48 50 Machine Learning detection for dropped file 10->50 20 WerFault.exe 17 9 10->20         started        22 WerFault.exe 10->22         started        24 WerFault.exe 10->24         started        26 WerFault.exe 10->26         started        32 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 13->32 dropped 34 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 16->34 dropped 36 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 18->36 dropped 38 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 18->38 dropped 40 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 18->40 dropped 42 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 18->42 dropped signatures7 process8
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2fb1cb5c89b04385b88b2b254602c0706c6d0530f7433ad4586000bfcbf73507/
Threat name:
Win32.Ransomware.StopCrypt
Create hunting rule
Status:
Malicious
First seen:
2021-08-22 22:54:05 UTC
AV detection:
18 of 46 (39.13%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
1a512b670911187dd2cc6a04b8da5d96b70df6129234b4fd97e30fcda7470365
4cca9091484e1b53c182d79607fe3c334c19176a1d5f8f91624c3565e24f49b8
8f5b300680db95b545347229941acb9113690ab187cd7ac7b2cc601b9e31a205
91dd3fa11964f4432bb43ee5f63580d53ba35dfdcfd5d8ec1b0e00f3f7b20258
a050c0bd12d9a09611dbce5d20787e37f907996908edb311570530feab91efed
c84efa5991ab32373624d35d1cf4921ea0f9c2eb52d5703d059d5cba39280087
dbfcb39858d204c1cb35ea01fb3720cbeadd262eb300ee41050630c6087af7ae
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210822-t692c26g76/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Deletes itself
Drops startup file
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
ed08cb5a40ff40bfa398b1a3ac6d2ab9cc92b56e971287c94463dd389fb5f26a
MD5 hash:
d299991063d72d9e2b9d93f6cc1cb70d
SHA1 hash:
48c115b11a614aeb6c7575bc0e7966a4d4cc7cb2
Link:
https://www.unpac.me/results/015fe819-e1e7-47f5-ba17-76f3a05d29ae/
SH256 hash:
2fb1cb5c89b04385b88b2b254602c0706c6d0530f7433ad4586000bfcbf73507
MD5 hash:
2f672c28d4d6c7009476ff8ab523cdbf
SHA1 hash:
2a85bdd1c30e40d12329663aaa92d45c47f88672
Link:
https://www.unpac.me/results/015fe819-e1e7-47f5-ba17-76f3a05d29ae/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2fb1cb5c89b04385b88b2b254602c0706c6d0530f7433ad4586000bfcbf73507

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 2fb1cb5c89b04385b88b2b254602c0706c6d0530f7433ad4586000bfcbf73507

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1529939/
  
URLhaus
https://urlhaus.abuse.ch/url/1525305/
  
URLhaus
https://urlhaus.abuse.ch/url/1523998/
  
URLhaus
https://urlhaus.abuse.ch/url/1524012/
Cape
Cape
https://www.capesandbox.com/analysis/181314/

Comments


Avatar
zbet commented on 2021-08-22 22:53:26 UTC

url : hxxp://193.56.146.55/Api/GetFile3/