MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 45d663b55f621687668af15e287804cfb339abb76a3d6e43159760e161b29940. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 2 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 45d663b55f621687668af15e287804cfb339abb76a3d6e43159760e161b29940
SHA3-384 hash: 90247d86f3efb9e8d872146596326c78afb460271b30eea96bd518ab7d0b444396cc3f8bb724647a1bdee3bcbf3f4368
SHA1 hash: e0e99a4b35dedd94928d51e174d27982c736b4d0
MD5 hash: 8d3eb18688c09f47cd3b63ca0bade552
humanhash: utah-table-vermont-arkansas
File name:8d3eb18688c09f47cd3b63ca0bade552
Download: download sample
File size:1'654'907 bytes
First seen:2022-10-02 05:02:54 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ae9f6a32bb8b03dce37903edbc855ba1 (28 x CryptOne, 18 x RedLineStealer, 15 x njrat)
ssdeep 24576:zry2uXzmwLlDUEIbabXwY1q66Db0dmds/9EHEzVIp0vlLi2Qv5oZT4pughaonkwn:zunZdzbXV0Ntk56yfQv5Me1zTn
Threatray 1'787 similar samples on MalwareBazaar
TLSH T1B675235278C18472D0362D3929E99729597CBC221F359ACF93E42B3D5E341C19B3AFA3
TrID 89.0% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39)
3.5% (.EXE) Win64 Executable (generic) (10523/12/4)
2.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
1.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.5% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
262
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/315663/
Detection(s):
SecuriteInfo.com.Trojan.Uztuby.4.21386.15255.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a window
Сreating synchronization primitives
Searching for synchronization primitives
Creating a file in the %temp% directory
Launching a process
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/40569/overview
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
Gathering data
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/f6782607-3b64-4fab-9ef4-526ff82db485
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1081784
Signature
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/45d663b55f621687668af15e287804cfb339abb76a3d6e43159760e161b29940/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2022-10-02 05:03:19 UTC
File Type:
PE (Exe)
Extracted files:
56
AV detection:
19 of 41 (46.34%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ixlghnk7miliozuk6fpcq6aez6zttk5xni6w4qyvs5qocynstfaa._file
Verdict:
malicious
Similar samples:
190f4fb1b115015c5953c32d83b90e4574b371611ca78f6d37f6c0839b7be9b5
20b6bad0f4cef3da8b183c5b57e45008ee345eb84b214281fe85694f825b93d8
22cd2928145df3e4a40db97a5e6ec531a5f18720d6c44122067abeba33efe7e7
283906c670f0a64dbd5f3ce78354ef08071db8b728c3ee93f55195da68fd7d1c
bf714f661724be71712eba1e8c6660a08e39b2deb3aaa09631fc568ebf7c0d83
dd08f8f4064603778ab013b6a8b0f80b22c5acc6d249a59d097bdedf0e7ece49
f7832103363735864f3dd783f2109f47d80885a59d6f00a503a6eb06e0f9f334
+ 1'777 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/221002-fppleahfh4/
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Loads dropped DLL
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/9aac3cba-cb8d-42c3-8c1b-315b2b100e20
Unpacked files
SH256 hash:
1c1b1e890b9cd3b5f223e891373f73470251199464015531c919996ca0971b83
MD5 hash:
ec546308417867caaf1a3348b97cbdba
SHA1 hash:
de587b11a1f31763ce92eb944ee16084ba6a7b62
Link:
https://www.unpac.me/results/27b43d1b-deb9-45eb-8de5-3a9f7688883a/
SH256 hash:
18a073bd933c5857482497d6eb7f6d587aae053264b5a7b33384a5099fc149cb
MD5 hash:
35a3589d7475372446d12535fe635ce8
SHA1 hash:
820ee368a0d542522cf598407bc3885e46a5a176
Link:
https://www.unpac.me/results/27b43d1b-deb9-45eb-8de5-3a9f7688883a/
SH256 hash:
45d663b55f621687668af15e287804cfb339abb76a3d6e43159760e161b29940
MD5 hash:
8d3eb18688c09f47cd3b63ca0bade552
SHA1 hash:
e0e99a4b35dedd94928d51e174d27982c736b4d0
Link:
https://www.unpac.me/results/27b43d1b-deb9-45eb-8de5-3a9f7688883a/
Malware family:
CryptOne
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/45d663b55f62/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/45d663b55f621687668af15e287804cfb339abb76a3d6e43159760e161b29940

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pdb_YARAify
Create hunting rule
Author:@wowabiy314
Description:PDB
Rule name:RansomwareTest8
Create hunting rule
Author:Daoyuan Wu
Description:Test Ransomware YARA rules

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 45d663b55f621687668af15e287804cfb339abb76a3d6e43159760e161b29940

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/315663/

Comments


Avatar
zbet commented on 2022-10-02 05:03:01 UTC

url : hxxps://2jhbdhjfsdf2.monster/search_hyperfs_214.exe