MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3dac62638ef8d58e1be2d0223fb621d305618e93d32cff71e11d732163cbf48e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 10

SHA256 hash: 3dac62638ef8d58e1be2d0223fb621d305618e93d32cff71e11d732163cbf48e
SHA3-384 hash: aa0ce61081e69c1826c777b96e10aa7d088dca06b1efc7334b8bbe07a5292ef7820be0711b89262cf4390fd2b8cb2c49
SHA1 hash: 20af885de118b5f4b9d99ef45a15e43996662f33
MD5 hash: 9a1ed40e36becff911aeb9e72f12fa14
humanhash: rugby-kentucky-arizona-london
File name: Prigozhin core.exe
File size: 10'581'510 bytes
First seen: 2023-12-29 20:44:45 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 75e9596d74d063246ba6f3ac7c5369a0 (8 x DCRat, 5 x PythonStealer, 4 x CoinMiner)
ssdeep: 196608:vzVmA5PAYlCtrVNADXPRRH6vM9ojH0eqqcecO0pPP3ccrnBMLxbeab3Qif:8ABAYGQ/RRH4F0eue2pPP3trn+bea3
TLSH: T19EB633137DC6C4B2D6A249311FBCE276AAFC65020D264BD7A3A10B2D5E37691B3753C2
TrID:
  40.3% (.EXE) Win64 Executable (generic) (10523/12/4)
  19.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
  17.2% (.EXE) Win32 Executable (generic) (4505/5/1)
  7.7% (.EXE) OS/2 Executable (generic) (2029/13)
  7.6% (.EXE) Generic Win/DOS Executable (2002/3)
dhash icon: 70c484a488c88009
Reporter: smica83
Tags: exe UKR

Intelligence

File Origin
# of uploads: 1
# of downloads: 301
Origin country: HU

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour:
  Searching for the window
  Creating a window
  Creating synchronization primitives
  Searching for synchronization primitives
  Creating a file in the %temp% subdirectories
  Creating a process from a recently created file
  Sending a custom TCP request
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: anti-vm control expand fingerprint installer lolbin lolbin overlay packed packed setupapi sfx shdocvw shell32
Result
Verdict: MALICIOUS

Result
Threat name: n/a
Detection: malicious
Classification: spyw
Score: 60 / 100
Signature:
  Contains functionality to modify clipboard data
  Multi AV Scanner detection for dropped file
  Multi AV Scanner detection for submitted file
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2023-12-29 20:45:14 UTC
File Type: PE (Exe)
Extracted files: 1413
AV detection: 11 of 23 (47.83%)
Threat level: 5/5
Verdict: malicious
Result
Malware family: n/a
Score: 7/10
Tags: pyinstaller
Behaviour:
  Suspicious use of WriteProcessMemory
  Detects Pyinstaller
  Enumerates physical storage devices
  Checks computer location settings
  Executes dropped EXE
  Loads dropped DLL

Unpacked files
SHA256 hash: 3dac62638ef8d58e1be2d0223fb621d305618e93d32cff71e11d732163cbf48e
MD5 hash: 9a1ed40e36becff911aeb9e72f12fa14
SHA1 hash: 20af885de118b5f4b9d99ef45a15e43996662f33
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.