MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4248e3a85f2ba76bb7757f263937e9e4f1bc1a26c3287464d146a96667a13e3a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Nitol


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4248e3a85f2ba76bb7757f263937e9e4f1bc1a26c3287464d146a96667a13e3a
SHA3-384 hash: 45fc5b6cca87740c8859e41e7369910ba2c6e519651c1299b5dd22360e826c5aa1eda9f5508bf9d44b7e65c850a304e5
SHA1 hash: 01e03a98dc1629e226e5c23a52b1f97919558340
MD5 hash: f701eaa73886f961d0bbe9b554e80c12
humanhash: wolfram-neptune-mike-nevada
File name:f701eaa73886f961d0bbe9b554e80c12
Download: download sample
Signature Nitol
Create hunting rule
File size:1'982'976 bytes
First seen:2022-05-13 16:41:09 UTC
Last seen:2022-05-13 17:41:50 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 071103b88eea4281455a45210891f0f5 (1 x Nitol)
ssdeep 49152:w2KWz/NaYLZ8lShjDYtW429jNUgeKQvKK+1s5kHGFjXOyzU/ObQ3N:sWz/NaYSlKotW429jNUgeKOK71qj+yzy
Threatray 17 similar samples on MalwareBazaar
TLSH T168958D327B508077C6BB3130C54BE7B9F6BDD9718E74125B6AA11E3D3E34892952822F
TrID 77.4% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
12.2% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
4.1% (.EXE) Win64 Executable (generic) (10523/12/4)
1.9% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.7% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon d4e0b29ecc962bcd (1 x Nitol)
Reporter zbetcheckin
Tags:32 exe Nitol

Intelligence

File Origin
# of uploads :
2
# of downloads :
548
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
PurpleFox
Create hunting rule
ID:
1
File name:
Rsucco.exe
Verdict:
Malicious activity
Analysis date:
2022-05-13 16:51:28 UTC
Tags:
trojan PurpleFox
Link:
https://app.any.run/tasks/521bb9c3-d252-45d2-98e0-17c531e21243

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/270476/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Сreating synchronization primitives
DNS request
Sending a custom TCP request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
control.exe greyware keylogger shell32.dll
Link:
https://www.filescan.io/uploads/627e8a358d13de6dc3b20a75/reports/4298f175-ab26-4c5f-8840-16f90d732ebd/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/7991abed-c9d5-4607-8846-cd59e3783e2f
Result
Threat name:
GhostRat, Nitol
Create hunting rule
Detection:
malicious
Classification:
troj.spyw
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/993755
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to capture and log keystrokes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected GhostRat
Yara detected Nitol
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4248e3a85f2ba76bb7757f263937e9e4f1bc1a26c3287464d146a96667a13e3a/
Threat name:
Win32.Trojan.Fragtor
Create hunting rule
Status:
Malicious
First seen:
2022-05-13 16:42:07 UTC
File Type:
PE (Exe)
Extracted files:
41
AV detection:
17 of 26 (65.38%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
1bfa8af4b51d9fc54d4baa49df27116f44ce269da9123625c1f2ba17289ea2cd
Nitol
2b7e4e5758699f924f50615e8fe48e13bf428d7aa1fcbfb2ed4f64a0fd6a8f93
Nitol
2cd18c340d412d1c09215c828190621ce558d8ea43ba0ad28e3365ff0619fe8b
Nitol
3f254c62ad02f051ac2112f3aa92cb537f95d7de0d3c80ba5c42dc3a8a79090e
Nitol
5f7322f79d8ce25a52aadf16b3f068169990cda606fb287d74fd5957c250c3b5
Nitol
83c31903a72e894c0c0a74bc456a9ce007991bf682f1d072905865207adc8fbf
Nitol
9a72f971944fcb7a143017bc5c6c2db913bbb59f923110198ebd5a78809ea5fc
Nitol
9f8cd68021a1987bcb5115056f67fbdc12d24718e51c9103c696702512d78725
Nitol
aeed6f465b742621bf145219db4ca122f2d9986cfc716b03e99afbcbe336a942
Nitol
ef7127461d0a024cbdb38b1b958a40311cfc95573f77a739a89f9240e64fa522
Nitol
+ 7 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220513-t7m27acbdp/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Enumerates connected drives
Executes dropped EXE
Unpacked files
SH256 hash:
ed43fef72b81259e8fd4d4d0e1f160b9d736a845a381405567b3f0b1840e7308
MD5 hash:
7087cca79aba22a71ae6620704728b85
SHA1 hash:
6b2b41d3d8d6377918101be4ec0978bd2b0fb014
Link:
https://www.unpac.me/results/85446b41-e3ce-499f-b6e3-57c6153a7a92/
SH256 hash:
4248e3a85f2ba76bb7757f263937e9e4f1bc1a26c3287464d146a96667a13e3a
MD5 hash:
f701eaa73886f961d0bbe9b554e80c12
SHA1 hash:
01e03a98dc1629e226e5c23a52b1f97919558340
Link:
https://www.unpac.me/results/85446b41-e3ce-499f-b6e3-57c6153a7a92/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4248e3a85f2ba76bb7757f263937e9e4f1bc1a26c3287464d146a96667a13e3a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Nitol

Executable exe 4248e3a85f2ba76bb7757f263937e9e4f1bc1a26c3287464d146a96667a13e3a

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/270476/
  
URLhaus
https://urlhaus.abuse.ch/url/2193339/

Comments


Avatar
zbet commented on 2022-05-13 16:41:17 UTC

url : hxxp://43.138.160.193:8055/Rsucco.exe