MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 33e686777d4e60947c1bc7d7743f006901dd209ae7fa9c6bd3d758dfc9b0aafc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	33e686777d4e60947c1bc7d7743f006901dd209ae7fa9c6bd3d758dfc9b0aafc
SHA3-384 hash:	a80b9094a614fe49107bb9835f533bbd8b3224d11c62046811ca7015311a370c92eefe21dc620578fa9880a26ff4e232
SHA1 hash:	c03b67bcfbf73d7c95d0820d7e158cb2f08e0224
MD5 hash:	adf0a828bd075a549e39b4f4033ca56b
humanhash:	twenty-golf-mirror-paris
File name:	SecuriteInfo.com.Trojan.Uztuby.4.3322.12795
Download:	download sample
File size:	1'641'433 bytes
First seen:	2023-07-03 16:36:23 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	0ae9e38912ff6bd742a1b9e5c003576a (10 x DCRat, 7 x RedLineStealer, 4 x AsyncRAT)
ssdeep	49152:PaqbM0yfkQhdigQZDZYe60q/7vmTEFC2WE:PuPigQZDZu6TEfWE
Threatray	563 similar samples on MalwareBazaar
TLSH	T1A87522017BC28972D4B324735E396B21BA3D7C205F758ACB93845D6EDD361C08A36B76
TrID	89.0% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39) 3.5% (.EXE) Win64 Executable (generic) (10523/12/4) 2.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 1.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.5% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

299

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

SecuriteInfo.com.Trojan.Uztuby.4.3322.12795

Verdict:

Suspicious activity

Analysis date:

2023-07-03 16:37:03 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/418616ce-c021-4ed0-bb22-19151fb1159c

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/406045/

Detection(s):

SecuriteInfo.com.Trojan.Uztuby.4.3322.12795.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Searching for the window

Сreating synchronization primitives

Searching for synchronization primitives

Creating a file in the %temp% directory

Launching a process

Sending a custom TCP request

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/95404/overview

Behaviour

MalwareBazaar

MeasuringTime

EvasionQueryPerformanceCounter

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-vm fauppod greyware lolbin overlay packed packed replace setupapi shdocvw shell32

Link:

https://www.filescan.io/uploads/64a2f92ecf99e7a5cfcca2a0/reports/296fdaf5-6978-4b68-8194-e104cb3f7b66/overview

Verdict:

Malicious

Labled as:

Trojan.Uztuby

Link:

https://www.hybrid-analysis.com/sample/33e686777d4e60947c1bc7d7743f006901dd209ae7fa9c6bd3d758dfc9b0aafc

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/c6627bf6-89d6-480b-82bc-5535c77bfe24

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/1266094

Signature

Machine Learning detection for dropped file

Machine Learning detection for sample

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Tries to detect sandboxes / dynamic malware analysis system (file name check)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/33e686777d4e60947c1bc7d7743f006901dd209ae7fa9c6bd3d758dfc9b0aafc/

Threat name:

Win32.Trojan.Amadey

Status:

Malicious

First seen:

2023-07-03 16:37:04 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

16 of 24 (66.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=gptim535jzqji7a3y7lxipyanea52ie2475jy26t25mn7snqvl6a._file

Verdict:

malicious

2c66b37d72afdca33b587fcb09b635d4691d832de02f0423053ade3da69242a8

35e5460c102ca2f996d61d70d6bb06fb87014f7d2beccf35f3812ea534acd9d5

8525d0bc1e38bb74d592de9be2615da94ec0b81e611b0e456b3a51c40ab5baa3

e905f262f2ec981ddf92c94fe44d96c14195f9bf0815f204c2c4197b16dbb053

f8a021222ad2ca32a7b3562f643d95401efca4ccd44c814f6107a0c828bee235

fba557d1ea30dc5810637b80408cc8d6491f33e5cb4def703f2b3413d476d93d

+ 553 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/230703-t4ss9sae5t/

Behaviour

Modifies registry class

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Checks computer location settings

Loads dropped DLL

Unpacked files

SH256 hash:

746399c1ca14177f6218cc8b4921c670df6b324bab648383b97411f2f26ec6e9

MD5 hash:

490cf5e26cafce308a313d6bbef7f3de

SHA1 hash:

0afaa771d6fad50884e8b383a8e60174c7cb7929

Link:

https://www.unpac.me/results/9c7c2bc3-3635-4172-a15c-ff835a247f22/

SH256 hash:

33e686777d4e60947c1bc7d7743f006901dd209ae7fa9c6bd3d758dfc9b0aafc

MD5 hash:

adf0a828bd075a549e39b4f4033ca56b

SHA1 hash:

c03b67bcfbf73d7c95d0820d7e158cb2f08e0224

Link:

https://www.unpac.me/results/9c7c2bc3-3635-4172-a15c-ff835a247f22/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/406045/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample