MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 40d59f94d24d0acc3dc9bb832853e2b9ec079f8b84f216c47a04a547877803f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 40d59f94d24d0acc3dc9bb832853e2b9ec079f8b84f216c47a04a547877803f9
SHA3-384 hash: 42665b8853be7917c65ce4676ca0a871f7d0ff6a03712fa2c1489f849d681aa9e716416b8a5476f0800dde8eb8edbc53
SHA1 hash: 5063dcef604d63e5195427ffa49531036df7ee53
MD5 hash: 546ec68100c98cc6be6062f6d09030cc
humanhash: sink-vermont-hawaii-network
File name:546ec68100c98cc6be6062f6d09030cc
Download: download sample
File size:188'928 bytes
First seen:2021-08-09 19:25:24 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 66e96811d44c9a81b9322fd543b9ebd6
ssdeep 3072:+WBnOrooYTTLOftc7sr2RpBL9YFMww5dMX8xQAArywoOLi6:j4wfOcRpBLa+9M/ARwoOL
Threatray 395 similar samples on MalwareBazaar
TLSH T10F04AE1135F0CB72D19505758839C2F06A3BFCB53C319A8B7BF5766E1E322D2AA25346
dhash icon 1272d292105c5c03 (31 x RaccoonStealer, 6 x Smoke Loader, 4 x Loki)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
116
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Start.exe
Verdict:
Malicious activity
Analysis date:
2021-08-07 07:19:07 UTC
Tags:
trojan stealer raccoon loader
Link:
https://app.any.run/tasks/f01a73ad-5dbe-4028-a12d-9f1d1de3f412

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/177754/
Detection(s):
Win.Dropper.Babar-9883606-0
Create hunting rule

Win.Dropper.Babar-9883639-0
Create hunting rule

Win.Trojan.Generic-9883706-0
Create hunting rule

Win.Malware.Generic-9883727-0
Create hunting rule

Win.Malware.Generic-9883741-0
Create hunting rule

Win.Malware.Raccoon-9883751-1
Create hunting rule

Win.Malware.Generic-9883752-0
Create hunting rule

Win.Malware.Generic-9884015-0
Create hunting rule

Win.Trojan.Generic-9884137-0
Create hunting rule

Win.Malware.Raccoon-9883823-1
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
DanaBot
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1b54607a-9d6f-4eba-9381-fc5d94acf03a
Result
Threat name:
Clipboard Hijacker
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/829617
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Clipboard Hijacker
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/40d59f94d24d0acc3dc9bb832853e2b9ec079f8b84f216c47a04a547877803f9/
Threat name:
Win32.Trojan.MintTitirez
Create hunting rule
Status:
Malicious
First seen:
2021-08-07 01:16:55 UTC
AV detection:
35 of 47 (74.47%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
32c4d2e63b71883b2723629c9da4ad5c525724f8d0af16e5a678c3b479726949
4df50c6d6d188c3413bdba53851cbeea7b281b92b0d5341c021a65912395fa5b
5bcf924a80fd98d38c53e473788fa7ff54a7da9a6bee7779d1ee177e8c2db2cb
7dc5a00ea0996d4edb8fbee2a9d2caa97ece60b4d5f755c3e82a06205ee2a385
8d7953ccff3dbc3b9aad9e25f9437b71070d7e63613e193ab4be05cffd9a1f8d
9eafc2a0a992162261c3da6ae7206ed2d1466d3280149469ff323402a7dc09f9
be08ab1ce25fee08933f9538121460516ae66f5cd881dd06613c0d7c8882e7e0
+ 385 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210809-v7frv3q1dj/
Unpacked files
SH256 hash:
e29260b043d869ffa79a34a1892efdf894d3b90da7c39b11cc51c4904eb48b98
MD5 hash:
03e4af3c445b852d4b6ff65e5765940d
SHA1 hash:
f0172d772a5be7fea93b3ea32813de04756e8b6e
Link:
https://www.unpac.me/results/302e6c32-0b33-4d20-bae2-7860e4614995/
SH256 hash:
fac58af87993481cc73f61291e6f02a7bce378511d4cd0ee416360899331c083
MD5 hash:
2fd11e5813616f3c6d4542fcf858c8ae
SHA1 hash:
a8ca24fc84e1c13785b0653a513bff3d017721bd
Link:
https://www.unpac.me/results/302e6c32-0b33-4d20-bae2-7860e4614995/
SH256 hash:
40d59f94d24d0acc3dc9bb832853e2b9ec079f8b84f216c47a04a547877803f9
MD5 hash:
546ec68100c98cc6be6062f6d09030cc
SHA1 hash:
5063dcef604d63e5195427ffa49531036df7ee53
Link:
https://www.unpac.me/results/302e6c32-0b33-4d20-bae2-7860e4614995/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/40d59f94d24d0acc3dc9bb832853e2b9ec079f8b84f216c47a04a547877803f9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 40d59f94d24d0acc3dc9bb832853e2b9ec079f8b84f216c47a04a547877803f9

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1519967/
Cape
Cape
https://www.capesandbox.com/analysis/177754/
  
URLhaus
https://urlhaus.abuse.ch/url/1519973/

Comments


Avatar
zbet commented on 2021-08-09 19:25:25 UTC

url : hxxp://45.137.190.166/dd.exe