MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4aadef23f11dd8fdc214bea41b6f7819bf723f20f581fec84d38e3ab1d08ad94. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ClipBanker


Vendor detections: 8


Intelligence 8 IOCs YARA 2 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4aadef23f11dd8fdc214bea41b6f7819bf723f20f581fec84d38e3ab1d08ad94
SHA3-384 hash: 654606cb15e7addb8d97be604b28319ca64d58a637e3dac3efc3570423cc752edb3ea3f59e77285ea6e65c290f6eaf96
SHA1 hash: 4b0f10a651e77f13100e1b20585d0c61961acab6
MD5 hash: 1927f2ef1d2c636cf4115bce53cf0eab
humanhash: twelve-tango-mockingbird-bakerloo
File name:1927f2ef1d2c636cf4115bce53cf0eab
Download: download sample
Signature ClipBanker
Create hunting rule
File size:57'344 bytes
First seen:2021-07-28 17:04:15 UTC
Last seen:2021-07-28 17:47:13 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash bf43a37a6ae0ed2852f82f44f0a6f32a (1 x ClipBanker)
ssdeep 768:fMyTlenToDMTEp1Gjy76rM9QXPvRePLrlteelpI:fGEYT5y39QXHRErjlpI
Threatray 1'169 similar samples on MalwareBazaar
TLSH T16D436B1379F2C173D696417218724F4B9BBBBA310A718A5B6BA40B4D6E315D0CA3F317
Reporter zbetcheckin
Tags:32 ClipBanker exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
135
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
x86_x64_setup.bin
Verdict:
Malicious activity
Analysis date:
2021-07-26 08:46:03 UTC
Tags:
evasion trojan rat redline phishing stealer vidar loader
Link:
https://app.any.run/tasks/aae79fd7-6115-490a-82b5-e69f179899bf

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Fabookie
Create hunting rule
Link:
https://www.capesandbox.com/analysis/174732/
Detection(s):
SecuriteInfo.com.Trojan.DownLoader40.49527.3720.10239.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/294cc724-1316-4e3c-92d9-ba9e14cdd519
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/823238
Signature
Creates processes via WMI
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Behavior Graph:
Download SVG
Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-07-26 17:21:00 UTC
AV detection:
20 of 46 (43.48%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jkw66i7rdxmp3qqux2sbw33ydg7xepza6wa75scnhdr2whiivwka._file
Verdict:
suspicious
Similar samples:
244e43b042445635b9311f0a575a30bf27644ec34e5fc7085447f09859c7d968
ClipBanker
474a473bf46fdbfb5a9344937674c1455d764e74c2cd8892da7d59f68ffadd5c
ClipBanker
72b24e99cdd46d7cee31af6d8858782b775db1753d4ed954774a2b1306d5dd89
ClipBanker
93dcedb1435aa44a336b407c0044da614a3a15336995c5547abe70c5e741a35f
ClipBanker
9df54d4e8faccc9aff9d8ea76a8aaf9e1f64ef0e32dbe9904b4654cee4884e1e
ClipBanker
ab8d377d550ebae841ab75d2d6257fb38960efc049037bbd2468483871897e5d
ClipBanker
ae23b1d2d4ab785d755af246d6d82fca9fab091dbb4f886ac136812805354efd
ClipBanker
eddbfe52ba633950c388e0303d5a04453f9ba9e3a3cdc60f9a1355707cd209e6
ClipBanker
fe8417ad3e0bad396fd009f20ad6cb106605098ec72fb933bb6f8e16cb6d437d
ClipBanker
+ 1'159 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/210728-bsvtqynpgj/
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Modifies registry class
Script User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in System32 directory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Loads dropped DLL
Process spawned unexpected child process
Suspicious use of NtCreateUserProcessOtherParentProcess
Unpacked files
SH256 hash:
4aadef23f11dd8fdc214bea41b6f7819bf723f20f581fec84d38e3ab1d08ad94
MD5 hash:
1927f2ef1d2c636cf4115bce53cf0eab
SHA1 hash:
4b0f10a651e77f13100e1b20585d0c61961acab6
Link:
https://www.unpac.me/results/f2f32288-43f3-47e4-b375-a43edc9979f5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4aadef23f11dd8fdc214bea41b6f7819bf723f20f581fec84d38e3ab1d08ad94

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:MALWARE_Win_HyperBro03
Create hunting rule
Author:ditekSHen
Description:Hunt HyperBro IronTiger / LuckyMouse / APT27 malware
Rule name:SUSP_XORed_MSDOS_Stub_Message
Create hunting rule
Author:Florian Roth
Description:Detects suspicious XORed MSDOS stub message
Reference:https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ClipBanker

Executable exe 4aadef23f11dd8fdc214bea41b6f7819bf723f20f581fec84d38e3ab1d08ad94

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/174732/
  
URLhaus
https://urlhaus.abuse.ch/url/1487968/

Comments


Avatar
zbet commented on 2021-07-28 17:04:16 UTC

url : hxxp://live.goatgame.live/userf/2202.exe