MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 43f6ee2aa859ad45bdc8afa4c2ea1f31f1925bee9a9eb5c716eec9ffb5c88cb3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 43f6ee2aa859ad45bdc8afa4c2ea1f31f1925bee9a9eb5c716eec9ffb5c88cb3
SHA3-384 hash: c209d34c214d86e84f90cd7da56036a63a8943a4fb8d32c61e7b02d2a098cb32fad2c54556a188554f41418787d1c823
SHA1 hash: d3cbac0f481d7c6c1fb2274d533c9ce1756fe579
MD5 hash: 1c6a420c26ae08ca1f1d7e6a1ae1e462
humanhash: item-leopard-nuts-mirror
File name:lutzen.exe
Download: download sample
File size:2'774'016 bytes
First seen:2022-09-21 07:46:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 42b27a080e9ee0252f310f33fbc7cafc
ssdeep 49152:BQC2g9DLhyrLdcwHqTQ0bkUhSPpLJSlrirqfXrnAd8z+mPtiTXPndFlWb0qDW9AT:/2GWLdcfXbX8EdxXTA2zHPtiLPdS1Ee
TLSH T195D5338349D172B3E248D3B7F656B07820A502BD8CC7535A7A2E49426879D8C4BBEF49
TrID 29.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
22.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
20.3% (.EXE) Win32 Executable (generic) (4505/5/1)
9.1% (.EXE) OS/2 Executable (generic) (2029/13)
9.0% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter Rony
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
281
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
03330064.bin
Verdict:
Malicious activity
Analysis date:
2022-09-21 07:35:53 UTC
Tags:
trojan stealer opendir
Link:
https://app.any.run/tasks/7190d167-a191-4174-80e9-fc180cfbf6d9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/312007/
Detection(s):
Win.Packed.Clipbanker-9917320-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for analyzing tools
Searching for the window
Сreating synchronization primitives
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Creating a window
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
clipbanker packed shell32.dll virus
Link:
https://www.filescan.io/uploads/632ac17f12db32f024654bd3/reports/c54b8d72-4ad8-4fb1-b55b-5eae30974d50/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/9d05db09-567c-4b51-ad43-a8162fab87e9
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1074399
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/43f6ee2aa859ad45bdc8afa4c2ea1f31f1925bee9a9eb5c716eec9ffb5c88cb3/
Threat name:
Win32.Trojan.Emotet
Create hunting rule
Status:
Malicious
First seen:
2022-09-20 08:18:56 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
25 of 26 (96.15%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ip3o4kvilgwulpoiv6smf2q7ghyzew7otkpllryw53e77noirszq._file
Result
Malware family:
n/a
Score:
  9/10
Tags:
evasion themida trojan
Link:
https://tria.ge/reports/220921-jmjh6afgc2/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks whether UAC is enabled
Checks BIOS information in registry
Loads dropped DLL
Themida packer
Executes dropped EXE
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/d7ae13eb-6855-4986-80e2-af6eb2ea1271
Unpacked files
SH256 hash:
2dfe890a3d25a397e7f39058b98f437ab7c9bb90a2354921ddd66e3b0612d701
MD5 hash:
74ccda69c9966246e205e813dae869ad
SHA1 hash:
299b48e1949f3b35bf3aa46e8d3a894869b5625c
Link:
https://www.unpac.me/results/547eecd8-c3fb-4fee-bdbc-fecc47726d34/
SH256 hash:
43f6ee2aa859ad45bdc8afa4c2ea1f31f1925bee9a9eb5c716eec9ffb5c88cb3
MD5 hash:
1c6a420c26ae08ca1f1d7e6a1ae1e462
SHA1 hash:
d3cbac0f481d7c6c1fb2274d533c9ce1756fe579
Link:
https://www.unpac.me/results/547eecd8-c3fb-4fee-bdbc-fecc47726d34/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.60
Link:
https://yomi.yoroi.company/submissions/43f6ee2aa859ad45bdc8afa4c2ea1f31f1925bee9a9eb5c716eec9ffb5c88cb3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

CryptBot

Executable exe b2fdf16f56a53ec57134d20655a23d5919c022a97cf7da4087bd6bf9f3704bb6

Executable exe 43f6ee2aa859ad45bdc8afa4c2ea1f31f1925bee9a9eb5c716eec9ffb5c88cb3

(this sample)

  
Dropped by
SHA256 b2fdf16f56a53ec57134d20655a23d5919c022a97cf7da4087bd6bf9f3704bb6
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/312007/
  
Dropped by
MD5 859c659aee8b897aeebf4b87364cc6d1

Comments