MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 46c8ac53157328105a599fd431f76664c79b597ab7686e12897b2d07043f8d2b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 46c8ac53157328105a599fd431f76664c79b597ab7686e12897b2d07043f8d2b
SHA3-384 hash: 5519a5c86ad3787358a9e2d348ce68c7d0b1cd866a55d5f1102b47e6ad7a1631300a0d60dc8f69f0e90528c6f78fb405
SHA1 hash: 18d38d893ded507b058266857633083d1fbdbac5
MD5 hash: 8e0be060385c07d8e8860749f9c721c3
humanhash: dakota-mirror-tennis-finch
File name:8e0be060385c07d8e8860749f9c721c3
Download: download sample
File size:409'856 bytes
First seen:2021-10-13 01:58:02 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 63ac7c2799723925dd310860701c20d0 (4 x RedLineStealer, 1 x RaccoonStealer)
ssdeep 12288:6iaF391H826CgHKAMqJL0o5D7XssE0Bq7f:er1crCC0o+D
Threatray 79 similar samples on MalwareBazaar
TLSH T120942338227BD84CE06F46BE3017AB5D9ABD4C186CF6C771BB493254EAFD28434C15A6
File icon (PE):PE icon
dhash icon f0e894aaaca4c8f0 (4 x RedLineStealer, 2 x RaccoonStealer)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
224
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
8e0be060385c07d8e8860749f9c721c3
Verdict:
Suspicious activity
Analysis date:
2021-10-13 02:00:08 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/332bc3a8-c32f-4012-9393-2bb677f16c82

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/197058/
Detection(s):
Win.Malware.Generic-9901230-0
Create hunting rule

Win.Malware.Generickdz-9901242-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
67%
Tags:
greyware overlay packed
Link:
https://www.filescan.io/uploads/61663d309fb4d8593d631a45/reports/b9ee2343-65c1-463b-ad1d-54152fe3f7e4/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Ryuk
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/073e13f7-09da-4c0f-b137-723d4c67b712
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/869210
Signature
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Tries to evade analysis by execution special instruction which cause usermode exception
Tries to shutdown other security tools via broadcasted WM_QUERYENDSESSION
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/46c8ac53157328105a599fd431f76664c79b597ab7686e12897b2d07043f8d2b/
Threat name:
ByteCode-MSIL.Backdoor.NanoBot
Create hunting rule
Status:
Malicious
First seen:
2021-10-07 16:57:17 UTC
AV detection:
27 of 38 (71.05%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
ryuk
Create hunting rule
Similar samples:
1f6c43e2bd2c2d8a9c8b603488301fdf6b1c074a88e9b48e4b6a9daeab0b1718
2886de9d76ef4a0531d223adddb017ca6f0ac5f1d69c16c7595b0ac9051d5438
5dbe7d927fbad788711eb319a3450f00b1f8618b6e2bbe83d2db30276f8e8ff2
6e3e15aaf05f995fde696fd7e54c21c3af5331623a3dd7f8279060f72b18518f
725e05473380845b888484c94414f03424794c8450abe0aa3a903997d6607815
7d6bc9c488ef81546e89c929a34e3d067ff083599c80edad38987fd0771cfe4a
8776ab0754e874c4850f80bd4b455ee1f55c3be6e44d307edfd3b1efa58d257b
aa5e9ff271143c3cd205988c3100f1bb844d70d2930f04a2b2002e9c0951a74e
da2ecefc454007a958e88519df581885a05a3abe4bffa99d55d8fcde87362ca3
e09931997c18281c3a4cb81710b11a2924ed9617e60106fccdc2d6564b81e40e
+ 69 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/211013-cdwnssdccm/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
b7561a4ee1c093427bbed04485129eeceff02503ac4b378e603b48f36d85b17a
MD5 hash:
25e15aa8ce18fe43d20a730c6eb66541
SHA1 hash:
3b371da0a6775692dc5e8c48b3122b30cdbc6fb5
Link:
https://www.unpac.me/results/bb533f37-792a-4893-b5dd-068d2353ebae/
SH256 hash:
d50c4413990ecee3f0b27506b9a7c1c375024fee332bc44feb193ff5cb05fa4a
MD5 hash:
40eb7092d25d067a14e1df6673dd9704
SHA1 hash:
05ed5febfebd67707a66a0529b6fa6ff7755a2fe
Link:
https://www.unpac.me/results/bb533f37-792a-4893-b5dd-068d2353ebae/
SH256 hash:
46c8ac53157328105a599fd431f76664c79b597ab7686e12897b2d07043f8d2b
MD5 hash:
8e0be060385c07d8e8860749f9c721c3
SHA1 hash:
18d38d893ded507b058266857633083d1fbdbac5
Link:
https://www.unpac.me/results/bb533f37-792a-4893-b5dd-068d2353ebae/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/46c8ac531573/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/46c8ac53157328105a599fd431f76664c79b597ab7686e12897b2d07043f8d2b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 46c8ac53157328105a599fd431f76664c79b597ab7686e12897b2d07043f8d2b

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1672545/
Cape
Cape
https://www.capesandbox.com/analysis/197058/

Comments


Avatar
zbet commented on 2021-10-13 01:58:02 UTC

url : hxxps://krkm.jelikob.ru/823574141.exe