MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4547f1174d1400e41a8072651b4a71c3b8a672f491163e9f09175c7838153200. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4547f1174d1400e41a8072651b4a71c3b8a672f491163e9f09175c7838153200
SHA3-384 hash: cfd46efc78c4b60f1e8780bbf04402db203689df3f434421589b74c46d2e0d8c4e43b3353d0db21c142a1f0532fbb316
SHA1 hash: 393cdb3186f67d9d7ae0a8033be2ae13cd16af30
MD5 hash: 0b0772d27a47c79be0d9c2e82d057ff7
humanhash: happy-jupiter-sad-charlie
File name:4547f1174d1400e41a8072651b4a71c3b8a672f491163e9f09175c7838153200
Download: download sample
File size:232'168 bytes
First seen:2020-11-10 11:04:16 UTC
Last seen:2024-07-24 13:41:38 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash baa634aefeafb4b29cdeb172fe1f2671 (11 x Gozi)
ssdeep 6144:NBf9cXpwOkejRyKM56rFzoJ3W03iJFftt:NU5wOkej1MCzB03CV
Threatray 4 similar samples on MalwareBazaar
TLSH 6A347C203981C032E8720530A4FCBB66556A7FB60B7194EBB7B4BE5C7E292D24174F27
Reporter seifreed

Intelligence

File Origin
# of uploads :
2
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Trojan.Generic-6629274-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the Windows subdirectories
Creating a window
DNS request
Sending an HTTP POST request
Sending an HTTP GET request
Creating a process from a recently created file
Creating a file
Moving a recently created file
Moving a file to the Windows subdirectory
Sending a custom TCP request
Deleting a recently created file
Replacing files
Sending a UDP request
Launching a service
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4547f1174d1400e41a8072651b4a71c3b8a672f491163e9f09175c7838153200/
Threat name:
Win32.Adware.RedCap
Create hunting rule
Status:
Malicious
First seen:
2020-11-10 11:06:31 UTC
AV detection:
13 of 29 (44.83%)
Threat level:
  1/5
Verdict:
unknown
Similar samples:
55897dc537d308842906dbf8bffde6eb846cdd6b5e9584d7efcbe7c342d5e699
7d3beeb2ab6a13038bce7d962a19a4d004a4526934823e23b8f1c5f68ed1800e
9a5e050fb6470a1a5fabf963ce60a23237a0ef553c18875770cd4ada41c5b259
c6a810bf84ea3fd17a282d2a10bec7811c79ff751d5dbcf9eb84cff95f1fd5ba
Result
Malware family:
n/a
Score:
  10/10
Tags:
bootkit persistence
Link:
https://tria.ge/reports/201110-rfb8l5lnbx/
Behaviour
Checks processor information in registry
Modifies registry class
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies service
Checks for any installed AV software in registry
JavaScript code in executable
Writes to the Master Boot Record (MBR)
Loads dropped DLL
Executes dropped EXE
Suspicious use of NtCreateUserProcessOtherParentProcess
Unpacked files
SH256 hash:
4547f1174d1400e41a8072651b4a71c3b8a672f491163e9f09175c7838153200
MD5 hash:
0b0772d27a47c79be0d9c2e82d057ff7
SHA1 hash:
393cdb3186f67d9d7ae0a8033be2ae13cd16af30
Link:
https://www.unpac.me/results/f12c7632-c8f0-4db3-a9d7-09e27987809c/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments