MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 37877d87fff1b903df41bdb21fb500b0371f72de500c6f6768aec4d76966de67. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 4

SHA256 hash: 37877d87fff1b903df41bdb21fb500b0371f72de500c6f6768aec4d76966de67
SHA3-384 hash: bbd8dd8fedff5a5310561b1c11de6a2b978adfb40284c7c25e939bac1aac2546da291f7ec716306b23448c893aa5dd1a
SHA1 hash: 666cd510615f21a30829580ec9186545f692829d
MD5 hash: 7f9758746499f5261ec206fcc962e929
humanhash: zebra-minnesota-spaghetti-india
File name: SecuriteInfo.com.Variant.Graftor.861068.14694.4856
File size: 720'896 bytes
First seen: 2021-04-18 10:02:31 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: be907e49b761a5286e6847b55527ea84
ssdeep: 6144:OfmtMNNbwP7Cwqu/BtUQttXJomHSKMe4O+Z2A31e4ZGcsXPOdCTB27j6T+JKyAvF:O+yI7Cwq08wNyQL+gAIs8rB27ujcK
Threatray: 2 similar samples on MalwareBazaar
TLSH: 1FE49F02F9D240F5D65D19300A5A7F7E9B7AAE060B14CFC39358DE5D9C32390A93B27A
Reporter: SecuriteInfoCom

Intelligence

File Origin
# of uploads: 1
# of downloads: 85
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: SecuriteInfo.com.Variant.Graftor.861068.14694.4856
Verdict: No threats detected
Analysis date: 2021-04-18 10:04:23 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean
Maliciousness:
Behaviour:
Creating a window
Sending a UDP request

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: ETERNALBLUE Xmrig
Detection: malicious
Classification: troj.expl.mine
Score: 100 / 100
Signature:
Antivirus detection for URL or domain
Found strings related to Crypto-Mining
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Uses known network protocols on non-standard ports
Yara detected ETERNALBLUE
Yara detected Xmrig cryptocurrency miner
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour:
Suspicious use of SetWindowsHookEx

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: CN_Honker_WordpressScanner
Author: Florian Roth
Description: Sample from CN Honker Pentest Toolset - file WordpressScanner.exe
Reference: Disclosed CN Honker Pentest Toolset

Rule name: IPPort_combo_mem
Author: James_inthe_box
Description: IP and port combo

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Executable exe 37877d87fff1b903df41bdb21fb500b0371f72de500c6f6768aec4d76966de67 (this sample)

Delivery method: Distributed via web download

Comments



accidentalrebel commented on 2021-04-18 11:16:58 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [B0001.025] Anti-Behavioral Analysis::Software Breakpoints
1) [B0001.032] Anti-Behavioral Analysis::Timing/Delay Check GetTickCount
2) [B0012.001] Anti-Static Analysis::Argument Obfuscation
3) [F0001.002] Anti-Behavioral Analysis::Standard Compression
4) [F0002.002] Collection::Polling
6) [B0030.002] Command and Control::Receive Data
7) [B0030.001] Command and Control::Send Data
8) [C0002.009] Communication Micro-objective::Connect to Server::HTTP Communication
9) [C0002.012] Communication Micro-objective::Create Request::HTTP Communication
10) [C0002.017] Communication Micro-objective::Get Response::HTTP Communication
11) [C0002.003] Communication Micro-objective::Send Request::HTTP Communication
12) [C0001.012] Communication Micro-objective::Get Socket Status::Socket Communication
13) [C0001.009] Communication Micro-objective::Initialize Winsock Library::Socket Communication
14) [C0001.006] Communication Micro-objective::Receive Data::Socket Communication
15) [C0001.007] Communication Micro-objective::Send Data::Socket Communication
16) [C0001.001] Communication Micro-objective::Set Socket Config::Socket Communication
17) [C0027.009] Cryptography Micro-objective::RC4::Encrypt Data
18) [C0028.002] Cryptography Micro-objective::RC4 KSA::Encryption Key
19) [C0019] Data Micro-objective::Check String
20) [C0060] Data Micro-objective::Compression Library
21) [C0026.001] Data Micro-objective::Base64::Encode Data
22) [C0026.002] Data Micro-objective::XOR::Encode Data
24) [C0049] File System Micro-objective::Get File Attributes
25) [C0051] File System Micro-objective::Read File
26) [C0052] File System Micro-objective::Writes File
27) [E1510] Impact::Clipboard Modification
28) [C0034.001] Operating System Micro-objective::Set Variable::Environment Variable
29) [C0036.004] Operating System Micro-objective::Create Registry Key::Registry
30) [C0036.003] Operating System Micro-objective::Open Registry Key::Registry
31) [C0036.006] Operating System Micro-objective::Query Registry Value::Registry
32) [C0036.001] Operating System Micro-objective::Set Registry Key::Registry
33) [C0040] Process Micro-objective::Allocate Thread Local Storage
34) [C0017] Process Micro-objective::Create Process
35) [C0038] Process Micro-objective::Create Thread
36) [C0054] Process Micro-objective::Resume Thread
37) [C0041] Process Micro-objective::Set Thread Local Storage Value
38) [C0018] Process Micro-objective::Terminate Process