MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c750d7eaa45aea07cd60993c0652ff9fe04b0fee8932e117945191a3fd76914. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 10

SHA256 hash: 3c750d7eaa45aea07cd60993c0652ff9fe04b0fee8932e117945191a3fd76914
SHA3-384 hash: 48371513ad7e04597449d15b449c9b250eb03f741b1d91cd749597b4e773139e065e106cd7d5413bab7ca6782d53ae8a
SHA1 hash: 4d771f3f714f7df270bea01aca71b7213ebe826a
MD5 hash: cafaf1e747e3796278e4675c6bb57b23
humanhash: tennessee-fifteen-virginia-oxygen
File name: cafaf1e747e3796278e4675c6bb57b23.exe
File size: 1'702'400 bytes
First seen: 2022-01-31 03:17:34 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 23e911f9a82ac0d345fa6cc9104b6bf4
ssdeep: 24576:nui93Vkg97e2KjCcGIG4W6VifDWIkJ7iJtxNhtNNefd0OIG3RQlyrLxoA8ZPo+Zn:dlJe9G3D6JYxpNNEd0OIcRfn0Po+Z1I
Threatray: 794 similar samples on MalwareBazaar
TLSH: T1D275BE1AA3A842F8D0ABD178C946964BE7F27C461230D79F16E45E5E1F77BB01E2E310
Reporter: abuse_ch
Tags: exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 169
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: cafaf1e747e3796278e4675c6bb57b23.exe
Verdict: No threats detected
Analysis date: 2022-01-31 03:21:33 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.

Result
Verdict: Malware
Maliciousness:
Behaviour
Searching for the window
DNS request
Sending an HTTP GET request
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a process with a hidden window
Reading critical registry keys
Stealing user critical data
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
MeasuringTime
GetTempPath
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: fingerprint greyware packed print.exe
Result
Verdict: MALICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Generic Malware
Verdict: Malicious

Result
Threat name: Unknown
Detection: malicious
Classification: troj.spyw
Score: 100 / 100
Behaviour
Behavior Graph: n/a
Threat name: Win64.Hacktool.NirSoftPT
Status: Malicious
First seen: 2022-01-24 18:21:06 UTC
File Type: PE+ (Exe)
Extracted files: 75
AV detection: 32 of 43 (74.42%)
Threat level: 1/5

Result
Malware family: n/a
Score: 8/10
Tags: spyware stealer upx
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Looks up external IP address via web service
Reads user/profile data of web browsers
Executes dropped EXE
UPX packed file
Unpacked files
SHA256 hash: 3c750d7eaa45aea07cd60993c0652ff9fe04b0fee8932e117945191a3fd76914
MD5 hash: cafaf1e747e3796278e4675c6bb57b23
SHA1 hash: 4d771f3f714f7df270bea01aca71b7213ebe826a

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments