MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 331df11f37914f6198f16dd51527abfecd77ff93fd875970f16e92978047ec74. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 331df11f37914f6198f16dd51527abfecd77ff93fd875970f16e92978047ec74
SHA3-384 hash: 2f9e6e0eca9d6c32dccd2df17dc54be6cc682d474a852464abb5101ea46081e64d85a2886d96987819badc47f138efd1
SHA1 hash: 2b1b5aa4f8807d2e5f7523828140a8169b118727
MD5 hash: cdfb55fc43a7b0a4e5e13f8c0af5f6a6
humanhash: fix-queen-maryland-sierra
File name:cdfb55fc43a7b0a4e5e13f8c0af5f6a6
Download: download sample
File size:166'816 bytes
First seen:2021-11-13 07:11:21 UTC
Last seen:2021-11-13 09:17:27 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 88ea31429606f3c27e7c33b4ee10c07a (4 x RedLineStealer, 2 x Smoke Loader, 1 x ArkeiStealer)
ssdeep 3072:g7VUQyGGiy24YKuDbqxXoaeHCi59zP+NVs75DopZa9uD6VdyhkOMLzD:uyGGiynYKQq6akdP+NVs75swVfNLf
Threatray 469 similar samples on MalwareBazaar
TLSH T1D3F3AD10F7E3A836F5A62E30587487A11B76FD32A570414BEB5C166E0EBB3D08AB5713
File icon (PE):PE icon
dhash icon fcfcd4d4d4d4d8c0 (75 x RedLineStealer, 56 x RaccoonStealer, 23 x Smoke Loader)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
102
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/205406/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Stealer.31421.30231.5386.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %AppData% subdirectories
Launching a process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
clipper greyware lockbit overlay packed
Link:
https://www.filescan.io/uploads/618f65453edf00a722d195c9/reports/b7ca7686-5abe-4d81-96fa-23eb0b1c4cdf/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/35ae0779-23f2-4660-aa52-1a26722e1474
Result
Threat name:
Clipboard Hijacker
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/888483
Signature
Contains functionality to compare user and computer (likely to detect sandboxes)
Detected unpacking (changes PE section rights)
Found malware configuration
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Bypass UAC via Fodhelper.exe
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Clipboard Hijacker
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/331df11f37914f6198f16dd51527abfecd77ff93fd875970f16e92978047ec74/
Threat name:
Win32.Ransomware.StopCrypt
Create hunting rule
Status:
Malicious
First seen:
2021-11-13 03:39:00 UTC
AV detection:
26 of 27 (96.30%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
00c23828efd45ceba67fa28446d82b41f71acd12fdbdfe192bb39bea0fa498b0
10323331242e0a29bdd759ee2cf3f7df01d7416ae42d859809d7e4fc201558f1
370f5dbb2a09cfbbe1c493b7942294c12eb9aca8b03d48db57512e0ad543ced3
63a750b664882a0d7a4f40b6f4e0f1fdc8fc78763428389685a1c54d92950d2c
6c2ad98af84288aff6f49ae92f9f71befbfaa4ac35d1a05b1441f1ce15124ee0
709aff2453909486058b4b46d2e53dc9bb970aaa2966bae1986e9de0c4b1836d
b8e05ba065604fb4b63186a56a3da30bccd7c0555b042fff1a1c64ad43391ad0
c45f83e94f84a46b3188d8415ce92c872fed63b2fc903a9530bfc82b15651760
c5c0fbca778f53dc085d84ad3f038e4a20bce7add5f07012594194bc3bca522a
c95da0845725887bae37ff3b553fb6c8fc915dd356a2051d778842e35a81c1d9
+ 459 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/211113-h1hncabfgm/
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Executes dropped EXE
Unpacked files
SH256 hash:
f3c1eac9090638efca2c6db6b737c3dfa0676c2d7882eb7473719e0dd27a99cb
MD5 hash:
5cd541e806f1da91ae350657712cda9a
SHA1 hash:
1d345d220265879e82cbb96eeb8b9a54b688641f
Link:
https://www.unpac.me/results/edd2312b-8303-403f-b73a-b138b8a4dfac/
SH256 hash:
331df11f37914f6198f16dd51527abfecd77ff93fd875970f16e92978047ec74
MD5 hash:
cdfb55fc43a7b0a4e5e13f8c0af5f6a6
SHA1 hash:
2b1b5aa4f8807d2e5f7523828140a8169b118727
Link:
https://www.unpac.me/results/edd2312b-8303-403f-b73a-b138b8a4dfac/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 331df11f37914f6198f16dd51527abfecd77ff93fd875970f16e92978047ec74

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1782279/
Cape
Cape
https://www.capesandbox.com/analysis/205406/
  
URLhaus
https://urlhaus.abuse.ch/url/1783410/

Comments


Avatar
zbet commented on 2021-11-13 07:11:22 UTC

url : hxxp://201.163.99.83/S.exe