MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3134b5fd08de63d297d25c334e59dbdc4bd83c2accff06900d3d03d1e68e6635. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 6
SHA256 hash: 3134b5fd08de63d297d25c334e59dbdc4bd83c2accff06900d3d03d1e68e6635
SHA3-384 hash: 130dbce76094fdde74211dfb4134721c1c21f6ada633ada7b10e61016facbe3d7920ece9fedf4a20b6f1a7a012bbd92f
SHA1 hash: c36fbfbda82ad91cfa609065363f461e0e7dca69
MD5 hash: 41957e3a46f80e10e2ef89ac565cc5ac
humanhash: colorado-edward-cardinal-tango
File name: 41957e3a46f80e10e2ef89ac565cc5ac.exe
File size: 3'355'350 bytes
First seen: 2021-06-14 08:21:09 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: fcf1390e9ce472c7270447fc5c61a0c1 (863 x DCRat, 118 x NanoCore, 94 x njrat)
ssdeep: 98304:9baoIsWvLwZ95lQDYB3ppPKYIx3VyHG+o:9monhZrlBB5pXIxsmr
TLSH: 64F522426581ECB1E6A0D8324935FA731534EC343B08895A5BF48E5BFD3E698DE12E73
Reporter: abuse_ch
Tags: exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 114
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 41957e3a46f80e10e2ef89ac565cc5ac.exe
Verdict: No threats detected
Analysis date: 2021-06-14 08:37:53 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a window
Searching for the window
Creating a file in the %temp% directory
Creating a process from a recently created file
DNS request
Sending a UDP request
Unauthorized injection to a recently created process
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: adwa.spyw.evad
Score: 100 / 100
Signature
Antivirus detection for URL or domain
Creates an undocumented autostart registry key
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies the hosts file
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Protects its processes via BreakOnTermination flag
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Costura Assembly Loader
Behaviour
Behavior Graph:
Threat name: ByteCode-MSIL.Trojan.Graftor
Status: Malicious
First seen: 2021-06-13 20:57:54 UTC
AV detection: 18 of 29 (62.07%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: spyware stealer
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Enumerates physical storage devices
Program crash
Loads dropped DLL
Reads user/profile data of web browsers
Downloads MZ/PE file
Executes dropped EXE
Unpacked files
SHA256 hash: 2c359ce857982f45b09af49dbccfb2ae302839acf1956e8325e7f854b339a8c9
MD5 hash: 7bcf61e29e5cbcd1b81d9ab72cbfed93
SHA1 hash: d082613177dd1711c18426d4f83921dd932bc7b1

SHA256 hash: 1117b7723204594e1c5de65f367e1a916135bc239aa14f4b6b5130f18be7b779
MD5 hash: 8c72dbf970b6cf6cd11bf192810b562f
SHA1 hash: a80aa7ef28bfec5eb7c5abb6dd5403bbc5d2dde4

SHA256 hash: f3bac585827fcb05937590f14487822e0283f21fc876b013070611cda99a917f
MD5 hash: a006782674dfbfec7928377619d8245d
SHA1 hash: d478f07e83e6463a8cb6391487b78906f987e692

SHA256 hash: 3134b5fd08de63d297d25c334e59dbdc4bd83c2accff06900d3d03d1e68e6635
MD5 hash: 41957e3a46f80e10e2ef89ac565cc5ac
SHA1 hash: c36fbfbda82ad91cfa609065363f461e0e7dca69

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Executable exe 3134b5fd08de63d297d25c334e59dbdc4bd83c2accff06900d3d03d1e68e6635 (this sample)
Delivery method: Distributed via web download

Comments