MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 37f2acf9034604a386575450898379fe0ff15368273bea17c9f527ff5d9bab08. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 37f2acf9034604a386575450898379fe0ff15368273bea17c9f527ff5d9bab08
SHA3-384 hash: f0a4a1279b6df086952d649dfe5b97a421bd737822007b571ccf1ccfec3be02ba3eab76b319410d3e10a63834b61b788
SHA1 hash: 9972790e8f8438621e2efba4379c77c863e38bd7
MD5 hash: 1aa869b782b855d046977a8008d6657d
humanhash: king-hamper-ceiling-maine
File name:1aa869b782b855d046977a8008d6657d.exe
Download: download sample
File size:1'756'826 bytes
First seen:2022-02-09 16:19:40 UTC
Last seen:2022-02-09 17:48:24 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9d1f0da408c33eebb70b9bfa17b7fddc (4 x njrat, 1 x Jadtre)
ssdeep 49152:toX3yq8XDY2Td2l+xysLqmiuUyKFAMkq9xZ:toHyq6d2UlcAcTZ
Threatray 297 similar samples on MalwareBazaar
TLSH T19185231277D5E073C11355314C4A8B72BA3CF5742A6286867BC59F383E32AAAC73674B
File icon (PE):PE icon
dhash icon cdabae6fe6e7eaec (20 x Amadey, 9 x AurotunStealer, 8 x CoinMiner)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
192
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/239732/
Detection(s):
SecuriteInfo.com.Backdoor.Xtreme.blw.7331.12523.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a window
Сreating synchronization primitives
Searching for synchronization primitives
Creating a file
DNS request
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/6546/overview
Behaviour
MalwareBazaar
CPUID_Instruction
SystemUptime
MeasuringTime
EvasionGetTickCount
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware overlay packed setupapi.dll shdocvw.dll shell32.dll update.exe
Link:
https://www.filescan.io/uploads/6203e9c3c649d4049451bbb3/reports/6522750e-839e-4330-b8c5-063bc89de531/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ddc633c3-c4ef-42c1-8e04-32684e15426d
Result
Threat name:
Unknown
Detection:
clean
Classification:
n/a
Score:
6 / 100
Link:
https://www.joesandbox.com/analysis/937039
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/37f2acf9034604a386575450898379fe0ff15368273bea17c9f527ff5d9bab08/
Verdict:
unknown
Similar samples:
09f671389b1751b349057fbb454c9a8263e95fbb8af54f47a016abad4a925472
2534eecca5ed157444298473d7c9c82d9def5b0a93ac581b75dede2f1a0c0a56
3494fdebd477fb45b537334f415f6e7b56ad7aa2764f80472ee7cb705d30eb65
4d4b219a3788d8e40bd7083d421e3d7d399a065bd53afb6e74d3fb7ab2bc09bd
7097b016e2aead3d213343e1de7332fddc4d83e2e8c2f8329460738cb2dbea4d
79ffbaa84a7808f62c8d2453e7e7ad96312da7e7b2e0b62c02d38f4de75eb3ca
7e7fd605de6d3d6aa4dc413baa57e8045470e809cf5fd61b80b4b3c51ee39ce9
9e2bea46ed015f98e1fb7591e83f1cac52c51f5e3f004cc6a57c508dcef134e0
d13edbb9da20126b75fd6f0d3c402fddcafdca90f81fd875b96a88c0028c431d
+ 287 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  4/10
Tags:
n/a
Link:
https://tria.ge/reports/220209-ts4rdsbbak/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Drops file in Windows directory
Unpacked files
SH256 hash:
37f2acf9034604a386575450898379fe0ff15368273bea17c9f527ff5d9bab08
MD5 hash:
1aa869b782b855d046977a8008d6657d
SHA1 hash:
9972790e8f8438621e2efba4379c77c863e38bd7
Link:
https://www.unpac.me/results/b5ebf777-c8bc-4f1b-978f-defef6543156/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 37f2acf9034604a386575450898379fe0ff15368273bea17c9f527ff5d9bab08

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/665593/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/239732/

Comments