MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 36e08c2df39cd84d8969a95de6a6882fbc954e7ca31a5a5d4be8ec33cfa84649. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 36e08c2df39cd84d8969a95de6a6882fbc954e7ca31a5a5d4be8ec33cfa84649
SHA3-384 hash: 363c6430951f6a108cb9ee2ca0b0865f989f35fbf4d6704a79b6900310a0246dc8d9343be811a24ec918ab9cb777da72
SHA1 hash: fab803559e83e053c455145da709e965518b4ca6
MD5 hash: f91984d0f12b481c8cc53059cbb86f02
humanhash: mississippi-whiskey-orange-berlin
File name:cc.exe
Download: download sample
File size:726'016 bytes
First seen:2022-02-22 19:51:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 26a85e9be51624486be42c0ab7b10bd2
ssdeep 12288:FlR8myccdcCmbGxzYe+5F2QUzXWYgeWYg955/155/h0uXuDfvrXT42oXn6xkAx4w:dlyc3rbGx0z2QUz9uXuDfvrXT3ye9S4Z
Threatray 210 similar samples on MalwareBazaar
TLSH T1DEF48D1A73A501FCE0BBD03A89529A52FB727C1607618BDF13A0075B2F676E45E3E361
Reporter r3dbU7z
Tags:exe Ogoxts

Intelligence

File Origin
# of uploads :
1
# of downloads :
218
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/243437/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/7049/overview
Behaviour
MalwareBazaar
MeasuringTime
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware packed wacatac
Link:
https://www.filescan.io/uploads/62153ee6875593a3cc052626/reports/4c0a469f-24e9-4fe9-88fb-1faa0c01e18f/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/4fca1605-66a7-455d-b253-19b04a0f0a1a
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/944264
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Modifies the windows firewall
Multi AV Scanner detection for submitted file
PE file contains section with special chars
PE file has a writeable .text section
Uses netsh to modify the Windows network and firewall settings
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 576744 Sample: cc.exe Startdate: 22/02/2022 Architecture: WINDOWS Score: 80 34 googlehosted.l.googleusercontent.com 2->34 36 google.com 2->36 38 4 other IPs or domains 2->38 42 Antivirus detection for dropped file 2->42 44 Antivirus / Scanner detection for submitted sample 2->44 46 Multi AV Scanner detection for submitted file 2->46 48 2 other signatures 2->48 8 cc.exe 128 2->8         started        signatures3 process4 dnsIp5 40 127.0.0.1 unknown unknown 8->40 26 C:\Users\user\AppData\...\chrome_update.exe, PE32+ 8->26 dropped 28 C:\Users\user\AppData\...\chrome_update.dll, PE32+ 8->28 dropped 30 C:\Users\user\AppData\...\chrome_proxy.exe, PE32+ 8->30 dropped 32 17 other files (none is malicious) 8->32 dropped 50 Modifies the windows firewall 8->50 13 cmd.exe 1 8->13         started        16 chrome_update.exe 2 8->16         started        18 chrome_update.exe 8->18         started        file6 signatures7 process8 signatures9 52 Uses netsh to modify the Windows network and firewall settings 13->52 20 netsh.exe 3 13->20         started        22 conhost.exe 13->22         started        24 chrome_update.exe 4 16->24         started        process10
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/36e08c2df39cd84d8969a95de6a6882fbc954e7ca31a5a5d4be8ec33cfa84649/
Threat name:
Win64.Trojan.Tedy
Create hunting rule
Status:
Malicious
First seen:
2021-11-21 02:33:25 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
26 of 43 (60.47%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
20fdea0c17ffb565895491b930cc6ad3df6ca3cc85780ddda1dad5a0ecd1983b
6f122f00adaab046587bde91f69868655c4491895c4d0716bf2ee479ce628a63
7aba21bd10b88275b4620021abc90e8d0e5f8f0316e8d8c0b883554afc18f8ae
a2648c0044dd0c910d9176445c297fd3c6f457478c2a4492ab4e504566c053a3
b1516cc28d0e6e3f77a8eadd2a7fda7daf746e0a7b27088e016519baf8de0338
e279b97a4fcc8187136ca076d0bc25b9b7622483e8f26733fe2574485e6f3a36
f76c4cbfd0f66af33781adf386474e1d00a76d98d822a41fb6092d27c5726cb6
+ 200 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
evasion spyware stealer trojan
Link:
https://tria.ge/reports/220222-yldzlsdae4/
Behaviour
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks whether UAC is enabled
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Modifies Windows Firewall
Unpacked files
SH256 hash:
36e08c2df39cd84d8969a95de6a6882fbc954e7ca31a5a5d4be8ec33cfa84649
MD5 hash:
f91984d0f12b481c8cc53059cbb86f02
SHA1 hash:
fab803559e83e053c455145da709e965518b4ca6
Link:
https://www.unpac.me/results/c2475adf-8916-45d2-9af8-430d9db02891/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/36e08c2df39cd84d8969a95de6a6882fbc954e7ca31a5a5d4be8ec33cfa84649

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 36e08c2df39cd84d8969a95de6a6882fbc954e7ca31a5a5d4be8ec33cfa84649

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/243437/

Comments