MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c6d3d8d1d1cd0e7503c141e407c2d0f13f87b5b76dac2cff033baa027033e1c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 8

SHA256 hash: 3c6d3d8d1d1cd0e7503c141e407c2d0f13f87b5b76dac2cff033baa027033e1c
SHA3-384 hash: 0aa9e7deb111370d7ff614fd050138dde23c6e47ee7de37e137c3dfb28cac2a0094c09539df03802e1475e74eed82656
SHA1 hash: 3bfdd32e7f21a9c74aae2b798c9b478f1b160072
MD5 hash: ddcacd8e602bde574e3380cd34b17a22
humanhash: sweet-leopard-jig-three
File name: ddcacd8e602bde574e3380cd34b17a22.exe
File size: 598'016 bytes
First seen: 2021-10-18 12:00:32 UTC
Last seen: 2021-10-18 13:30:59 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: b2b1ce057c4a3ad8c1ee685e46521866 (2 x Smoke Loader, 1 x Loki, 1 x CryptBot)
ssdeep: 12288:he7bIUncjF2EjM1bDUJDwtk81mEjN1otGBjlG1iDirElKdNHd:M7MUncjUKM1PUJMtk0N1o4hlGghK
Threatray: 32 similar samples on MalwareBazaar
TLSH: T17BD4F1216BA1C035F1F352F8097693A8792E3AA0B73494CF12D657EA4A246F1FD7131B
dhash icon: 5012b0e068696c46 (8 x RaccoonStealer, 8 x RedLineStealer, 6 x Smoke Loader)
Reporter: abuse_ch
Tags: exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 156
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour
Rewriting of the hard drive's master boot record

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed

Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 72 / 100
Signature
Contains functionality to infect the boot sector
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Threat name: Win32.Trojan.Azorult
Status: Malicious
First seen: 2021-10-18 12:01:09 UTC
AV detection: 19 of 28 (67.86%)
Threat level: 5/5

Result
Malware family: n/a
Score: 6/10
Tags: bootkit persistence
Behaviour
Writes to the Master Boot Record (MBR)
Unpacked files
SHA256 hash: c54c453dcc317080f938de1472f4173e0d2788a80aeec793d0bb7897f430117a
MD5 hash: 363ed0c8e3764327698548c30e01b19d
SHA1 hash: 6fe6290010bbb4f874dbc96e7943ff1c0645fa45
SHA256 hash: 3c6d3d8d1d1cd0e7503c141e407c2d0f13f87b5b76dac2cff033baa027033e1c
MD5 hash: ddcacd8e602bde574e3380cd34b17a22
SHA1 hash: 3bfdd32e7f21a9c74aae2b798c9b478f1b160072
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: BitcoinAddress
Author: Didier Stevens (@DidierStevens)
Description: Contains a valid Bitcoin address

Rule name: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
Author: ditekSHen
Description: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)

Rule name: win_pitou_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: Detects win.pitou.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments