MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 383c048dffd121de5e20a8c4f70a76ed041c1bf3b43978de227c0e33da219c36. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 383c048dffd121de5e20a8c4f70a76ed041c1bf3b43978de227c0e33da219c36
SHA3-384 hash: df704fd8615c1f648b62a2fa1631abbfc9aa8da28528fd2d1c87c0819ca8bda6bdafb451c4d020b7341111f88cb2c220
SHA1 hash: 0fd9a57d7fb6f0107e8b27c2f503158e8c807339
MD5 hash: 4e8cfb342a79aaccdf211ed9685e5621
humanhash: helium-lactose-tennessee-delta
File name:system86(2).exe
Download: download sample
File size:133'120 bytes
First seen:2021-11-17 14:38:46 UTC
Last seen:2021-11-17 14:38:48 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash afba3b8b31c67dace4c6040b0c533a33 (2 x RaccoonStealer)
ssdeep 3072:eg7g1pH9yZNeJukcbo1xhj7WWO/fjnvtntA25YI:e79yZwYNEFWWkvX95
Threatray 484 similar samples on MalwareBazaar
TLSH T151D38D04B7F19036E1E356302970C7B15EFBBD7269B6904BF344222E5EB22D05AE5763
File icon (PE):PE icon
dhash icon fcfc94d4d4d4d8c0 (24 x RaccoonStealer, 21 x RedLineStealer, 9 x Smoke Loader)
Reporter JAMESWT_WT
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
103
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
system86(2).exe
Verdict:
Malicious activity
Analysis date:
2021-11-17 14:47:16 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/0aafe1c4-bd16-4544-999f-cf3568308f33

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/206863/
Detection(s):
Win.Packed.Generic-9908949-0
Create hunting rule

Win.Dropper.Fragtor-9909325-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a file in the %AppData% subdirectories
Launching a process
Launching the default Windows debugger (dwwin.exe)
Searching for the window
DNS request
Creating a process from a recently created file
Enabling autorun by creating a file
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/619514082695a62af9f2391f/reports/a346430f-9a7b-4cfc-a94e-9d1f52f7aefa/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/09111e67-778a-4193-819e-fb7a55037659
Result
Threat name:
Clipboard Hijacker
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/891230
Signature
Contains functionality to compare user and computer (likely to detect sandboxes)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Bypass UAC via Fodhelper.exe
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Clipboard Hijacker
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/383c048dffd121de5e20a8c4f70a76ed041c1bf3b43978de227c0e33da219c36/
Threat name:
Win32.Trojan.Fragtor
Create hunting rule
Status:
Malicious
First seen:
2021-11-17 14:32:09 UTC
AV detection:
17 of 44 (38.64%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
00c23828efd45ceba67fa28446d82b41f71acd12fdbdfe192bb39bea0fa498b0
331df11f37914f6198f16dd51527abfecd77ff93fd875970f16e92978047ec74
36d52200699e48e8e62638283b17c5eed4c1fa722274ebe1630db72e558945ca
370f5dbb2a09cfbbe1c493b7942294c12eb9aca8b03d48db57512e0ad543ced3
6c2ad98af84288aff6f49ae92f9f71befbfaa4ac35d1a05b1441f1ce15124ee0
709aff2453909486058b4b46d2e53dc9bb970aaa2966bae1986e9de0c4b1836d
732c5357288217516cc3ab7d82ef7091076f313efa61596aaa88cd2ff43ee335
8270f4aceee1b35ac2547b6a8fabfa831c8a3888e01d8fa97c24c388d318429c
c5c0fbca778f53dc085d84ad3f038e4a20bce7add5f07012594194bc3bca522a
f1fe2b4febc584ce92e4e4102d79fcc7555eb85e96147520e8c7569156b758e4
+ 474 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/211117-r1ageadaa3/
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Executes dropped EXE
Unpacked files
SH256 hash:
f3c1eac9090638efca2c6db6b737c3dfa0676c2d7882eb7473719e0dd27a99cb
MD5 hash:
5cd541e806f1da91ae350657712cda9a
SHA1 hash:
1d345d220265879e82cbb96eeb8b9a54b688641f
Link:
https://www.unpac.me/results/e7e67aae-fe11-4f83-9885-8c5410da9c63/
SH256 hash:
383c048dffd121de5e20a8c4f70a76ed041c1bf3b43978de227c0e33da219c36
MD5 hash:
4e8cfb342a79aaccdf211ed9685e5621
SHA1 hash:
0fd9a57d7fb6f0107e8b27c2f503158e8c807339
Link:
https://www.unpac.me/results/e7e67aae-fe11-4f83-9885-8c5410da9c63/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/383c048dffd121de5e20a8c4f70a76ed041c1bf3b43978de227c0e33da219c36

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 383c048dffd121de5e20a8c4f70a76ed041c1bf3b43978de227c0e33da219c36

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/206863/
  
URLhaus
https://urlhaus.abuse.ch/url/1797570/
  
Delivery method
Distributed via web download

Comments