MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 39dccfd9fb14222805b157ffad7ecc1ee0e95c890d28a50c543fdd6a3861d583. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 39dccfd9fb14222805b157ffad7ecc1ee0e95c890d28a50c543fdd6a3861d583
SHA3-384 hash: 88a15874dbc391192ec5e943c6ffc860ee69af13f35f7c3105bb244c46adf9c8a604dc91d347855ed6d35cdee396f085
SHA1 hash: 227bae27c53a1f14c43149bdceb09a6e10cd4220
MD5 hash: a8f12a19eb808df1a1e8476382a52f76
humanhash: black-butter-friend-stairway
File name:a8f12a19eb808df1a1e8476382a52f76.exe
Download: download sample
File size:346'112 bytes
First seen:2021-03-13 07:29:23 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash cc4b17d0e5d5a1e26966b8ee27266b0b (5 x Smoke Loader, 1 x DanaBot)
ssdeep 6144:xmhEO3ICZjsOPDr/sddsd1RYFqsn+zJPQ5kmonV:xm6kICZj7Db0Sd1RYYI
Threatray 23 similar samples on MalwareBazaar
TLSH 89749E10ABA0D034F6F612B889758379E53A7EB1AB2495CF52D41FEA56346ECEC30317
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
100
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
a8f12a19eb808df1a1e8476382a52f76.exe
Verdict:
Suspicious activity
Analysis date:
2021-03-13 07:31:45 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/2e519d1d-093d-48f8-a3b3-19f331695faa

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/124043/
Detection(s):
Win.Packed.Tofsee-9840603-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Creating a window
Sending a UDP request
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/638462
Signature
Delayed program exit found
Detected unpacking (overwrites its own PE header)
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/39dccfd9fb14222805b157ffad7ecc1ee0e95c890d28a50c543fdd6a3861d583/
Threat name:
Win32.Dropper.Scrop
Create hunting rule
Status:
Malicious
First seen:
2021-03-11 05:15:06 UTC
AV detection:
31 of 47 (65.96%)
Threat level:
  3/5
Verdict:
malicious
Similar samples:
28ddbac06dfbd1d0e8240b60dd28693b2e8ce8ddd1f0cac4bcf9f3d51f2a0ac7
6bfb41ac8df840797e06a7da047dd349e7c4dbf75804f4ef2f3a9eb06daa2e38
8cec146d7a7b594cf7748b35c63ea1fed2c994ef2cdbb5731f1b15d9c9fa1ee3
9f91980eb1a3a4464aa42d10c1c9b6dae51381ce2d5b2816f378ca0c4007d72b
a06a77bd973a602f49aff3fa3a116c62d38f0e0c1842e9dca97531a68d1a3884
c84d98524bf72eac034a406063c9d25b3bceb254d3d03f1d68e018320c2fb506
c8a30abef2939b6c3b6193feffbaf8ba4a87c79fc32e71b10b94bbdb8e1e238f
f5acccf9cda0f0ff2063de3983bc8964b9020d30feff2e3a8b20800d3c4fe034
f9fa7707c2b699b79b0fe5948d0de10e4242220c0fd7c76062cf46fcb53f44ae
fc2a8472021c1f37e7ba14fd51259d37d10bd030ecd33134ebf42d3279ab860a
+ 13 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210313-qptqt2hx3j/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops startup file
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
a56d515897f4d9d336602a1809949629f0e79e1fa0d55154b3b1121fb6138085
MD5 hash:
b3d3f51c4249eeaa7d5245ea4f8c7460
SHA1 hash:
2a3627e3aeeab195eec76c2a65394d178c954f9f
Link:
https://www.unpac.me/results/c9ae641a-113f-4c14-82ae-2735b684a3b0/
SH256 hash:
39dccfd9fb14222805b157ffad7ecc1ee0e95c890d28a50c543fdd6a3861d583
MD5 hash:
a8f12a19eb808df1a1e8476382a52f76
SHA1 hash:
227bae27c53a1f14c43149bdceb09a6e10cd4220
Link:
https://www.unpac.me/results/c9ae641a-113f-4c14-82ae-2735b684a3b0/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
MultiPlug
Score:
0.40
Link:
https://yomi.yoroi.company/submissions/39dccfd9fb14222805b157ffad7ecc1ee0e95c890d28a50c543fdd6a3861d583

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 39dccfd9fb14222805b157ffad7ecc1ee0e95c890d28a50c543fdd6a3861d583

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1061031/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/124043/

Comments