MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 46491d62b4cb8d012dfa9d53ed65f8f192a1ae5e643057214bb5e14775cb9a98. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 46491d62b4cb8d012dfa9d53ed65f8f192a1ae5e643057214bb5e14775cb9a98
SHA3-384 hash: 82ffcede24678a27a168c15e44a8ea1ff1b79d9510b3ce303614fd739dc8e1ba64e64e1c7362cc680a5cb56d85fcaf89
SHA1 hash: 575bda17d88fc8ed4706d035a5548b9af48449b0
MD5 hash: f43e5255692d855b2b65e3e5f7211070
humanhash: march-neptune-triple-two
File name:f43e5255692d855b2b65e3e5f7211070
Download: download sample
File size:523'776 bytes
First seen:2022-01-12 00:28:56 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a3873e9f4c3f2553a2874ec7618ce21e (1 x RaccoonStealer, 1 x Amadey, 1 x RedLineStealer)
ssdeep 12288:GILn6MEfztqUnUxs9iIoDyJRj86dMDexWcAch4tUTc6:GcJEhqW6UiIouJRj8qMDeccFh4ec
TLSH T1EFB49D057781EA6EE44142F18934FD6C09A659F1DBEF82F773F41E2E0D622D005B47AA
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
227
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
f43e5255692d855b2b65e3e5f7211070
Verdict:
Malicious activity
Analysis date:
2022-01-12 00:39:12 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/a50fd064-0312-4b29-9f1f-1e62562f3fa5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/218425/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
Сreating synchronization primitives
Creating a file in the %AppData% subdirectories
DNS request
Creating a process from a recently created file
Unauthorized injection to a system process
Enabling autorun by creating a file
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control.exe greyware packed
Link:
https://www.filescan.io/uploads/61de20d6f2e8ec86fef17772/reports/43b63e35-df22-4ca4-8de1-7ae8ad7a3424/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/58d1244b-074e-4d81-9c94-362b4cebd60b
Result
Threat name:
Clipboard Hijacker
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/918807
Signature
Allocates memory in foreign processes
Contains functionality to compare user and computer (likely to detect sandboxes)
Found malware configuration
Injects a PE file into a foreign processes
Multi AV Scanner detection for submitted file
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Yara detected Clipboard Hijacker
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/46491d62b4cb8d012dfa9d53ed65f8f192a1ae5e643057214bb5e14775cb9a98/
Threat name:
Win32.Trojan.Raccoon
Create hunting rule
Status:
Malicious
First seen:
2022-01-12 00:29:11 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
27 of 43 (62.79%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220112-asxhjaaebn/
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Executes dropped EXE
Unpacked files
SH256 hash:
2d4c422a0e4d9a8269dbdcb687cf41d439a35ba729f044639b8ac8af499f2574
MD5 hash:
6218997fa605040d5f55395eb691e89c
SHA1 hash:
e8f88e2e34274d0c744ec552edcc885ae885dd71
Link:
https://www.unpac.me/results/965fb71a-5570-4984-9fbc-a3a431412bde/
SH256 hash:
46491d62b4cb8d012dfa9d53ed65f8f192a1ae5e643057214bb5e14775cb9a98
MD5 hash:
f43e5255692d855b2b65e3e5f7211070
SHA1 hash:
575bda17d88fc8ed4706d035a5548b9af48449b0
Link:
https://www.unpac.me/results/965fb71a-5570-4984-9fbc-a3a431412bde/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/46491d62b4cb/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/46491d62b4cb8d012dfa9d53ed65f8f192a1ae5e643057214bb5e14775cb9a98

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 46491d62b4cb8d012dfa9d53ed65f8f192a1ae5e643057214bb5e14775cb9a98

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/218425/
  
URLhaus
https://urlhaus.abuse.ch/url/1969052/

Comments


Avatar
zbet commented on 2022-01-12 00:28:57 UTC

url : hxxp://95.143.178.121/ddv1aWPx3.exe