MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 35616cb24994c8f53d586c6a5959c1011331e4c224be38bb5de08ee89378ecb8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	35616cb24994c8f53d586c6a5959c1011331e4c224be38bb5de08ee89378ecb8
SHA3-384 hash:	49d7f435daa546cb177a211dc860cabb7f93728d4410e875ee87e948d9786710efb452af9dbcae0732b8f03bb24f4c4f
SHA1 hash:	bfecec9c276ee08f078647a31d33e8fec597fc44
MD5 hash:	685c563cf8e54df63b4806e403bd06e4
humanhash:	jig-oklahoma-butter-indigo
File name:	685c563cf8e54df63b4806e403bd06e4.exe
Download:	download sample
File size:	136'704 bytes
First seen:	2022-01-02 07:47:05 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	7182b1ea6f92adbf459a2c65d8d4dd9e (5 x CoinMiner, 4 x RedLineStealer, 4 x DCRat)
ssdeep	3072:0V3J6kkt5h1X+HqTi0BW69hd1MMdxPe9N9uA0/+hL9TBfnP807Qq:Zt5hBPi0BW69hd1MMdxPe9N9uA069TB3
Threatray	285 similar samples on MalwareBazaar
TLSH	T12ED33857B2A01198EBF581F6D9920746EB7074321711A3DB6B7863B31B2B8C59F3D3A0
Reporter	abuse_ch
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

260

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

685c563cf8e54df63b4806e403bd06e4.exe

Verdict:

No threats detected

Analysis date:

2022-01-02 07:49:58 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/2701b18d-fb76-4312-b5e8-8132ed1ea39d

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/217067/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.34588367.15193.4194.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %temp% subdirectories

Сreating synchronization primitives

Running batch commands

Creating a process with a hidden window

Launching a process

DNS request

Sending a custom TCP request

Sending an HTTP GET request

Creating a file

Using the Windows Management Instrumentation requests

Launching the process to change network settings

Creating a process from a recently created file

Creating a window

Searching for synchronization primitives

Sending a UDP request

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/3674/overview

Behaviour

MalwareBazaar

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

packed

Link:

https://www.filescan.io/uploads/61d158b78991ba72b3a56957/reports/f9447d24-3de6-4fe2-8cdf-ccee4a463b47/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/6dbd0a63-244d-43d2-bd26-451558800f84

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/914601

Signature

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/35616cb24994c8f53d586c6a5959c1011331e4c224be38bb5de08ee89378ecb8/

Threat name:

Win64.Trojan.Generic

Status:

Suspicious

First seen:

2021-12-29 02:30:19 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

13 of 23 (56.52%)

Threat level:

5/5

Verdict:

malicious

33358691144fd04943b0de774643ba673448b6d7e616d482beb5200d09f9beeb

43a1ee058eb0b771d9f9b179cb51a5b56a1c3ae8bdc211edeb8486f89e3bc10f

46802842ff967e3810af08e372b0f969de57f2ed826498398c5367525fec0bc9

6b664d6b89eabbac55c8927fa29d2669ba629a40f1abbf12d76f8d9b14e4facb

b14a43816be48e5624a82bc768011389daf67645ae8cfe2078a9ee523d8e8afe

bd85259d7078c4fc3749bde57165848d3575d32bcb45d88572cd4d6c73b89170

ceddcfa72226e91f7435facafe6631d1385ca4d246d242d5136ac4e9462b8611

e11a90704ac0ea7eacb7d9eeda4a6db1e6fb3f21402d06429617f9af69d0a1b8

+ 275 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

n/a

Link:

https://tria.ge/reports/220102-jm5fmaggbq/

Behaviour

Delays execution with timeout.exe

Gathers network information

Gathers system information

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Blocklisted process makes network request

Malware Config

Dropper Extraction:

https://discordapp.com/api/webhooks/917825905655709736/gzi9vYVq0KElHJncQOSEZg3UX9rRgrZJ6goD8r5Ofl36MTAlvAC0PqdQwz_KJJTespfW

Unpacked files

SH256 hash:

35616cb24994c8f53d586c6a5959c1011331e4c224be38bb5de08ee89378ecb8

MD5 hash:

685c563cf8e54df63b4806e403bd06e4

SHA1 hash:

bfecec9c276ee08f078647a31d33e8fec597fc44

Link:

https://www.unpac.me/results/577b3e64-abaa-4608-a96c-7670c80c1b9e/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/35616cb24994c8f53d586c6a5959c1011331e4c224be38bb5de08ee89378ecb8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 35616cb24994c8f53d586c6a5959c1011331e4c224be38bb5de08ee89378ecb8

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1941614/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/217067/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample