MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 357226dff2f3309f8271b5a7c2cc816aa8fb779275357dce9b98b30357951210. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CryptBot


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 357226dff2f3309f8271b5a7c2cc816aa8fb779275357dce9b98b30357951210
SHA3-384 hash: 42138fcba2165bc4c8f2a4910afda505546bb8c9b77dc3239a85cb2872c8bdc85c314f16865aa6adb577e3328fad2bfb
SHA1 hash: 380e25e00ceffc26712664662c2043b51d492fd3
MD5 hash: 0c8ec6b97df174fbf5cab7284871e891
humanhash: bacon-alpha-finch-kitten
File name:setup___pass_1234_activ.zip
Download: download sample
Signature CryptBot
Create hunting rule
File size:263'740 bytes
First seen:2021-12-21 14:05:51 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:de0SpVnfXrjcdRHCwjLRfUY58rSFoTJB9JhFdwW4nOc:de0SpVfXrjcHzLBU08rBNB/BwdOc
TLSH T1714423AFB06FDA41CD2DF93E609DF735A7BB9F4928C2204B673824A4538331E8971156
Reporter iam_py_test
Tags:zip


Avatar
iam_py_test
Fake cracked version of Avira.
Downloaded from hxxpx[:]//cybermicto768jubileejhsye6yt6543.s3.us-east-1[.]amazonaws[.]com/setup___pass_1234_activ[.]zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
222
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.2809.25003.UNOFFICIAL
Create hunting rule

Gathering data
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/357226dff2f3309f8271b5a7c2cc816aa8fb779275357dce9b98b30357951210
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/357226dff2f3309f8271b5a7c2cc816aa8fb779275357dce9b98b30357951210/
Threat name:
Binary.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-12-21 14:06:13 UTC
File Type:
Binary (Archive)
Extracted files:
53
AV detection:
3 of 43 (6.98%)
Threat level:
  5/5
Gathering data
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/357226dff2f3309f8271b5a7c2cc816aa8fb779275357dce9b98b30357951210

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CryptBot

zip 357226dff2f3309f8271b5a7c2cc816aa8fb779275357dce9b98b30357951210

(this sample)

CryptBot

Executable exe 40aa6aeab7d3af11f53ddda96690c31e5b5619c4c0b1791a62f5121c65c4ad0d

  
Dropping
SHA256 40aa6aeab7d3af11f53ddda96690c31e5b5619c4c0b1791a62f5121c65c4ad0d
  
Delivery method
Distributed via web download
  
Dropping
MD5 457b71f91a5c00fbe1c2c999bb92461a

Comments