MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c0eab34d29f544ccc591505f7b3ccf6e78a435a3911fa9408e252396950a383. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4c0eab34d29f544ccc591505f7b3ccf6e78a435a3911fa9408e252396950a383
SHA3-384 hash: 52fab2e95c2ec474fb8412f1f975809ed507df26124ca1550e837ddc21dc3533948ee43f66d07b069e9c3f5c7a935034
SHA1 hash: a8b39a561f7e282cc36aaa3ed7bd415c24102db8
MD5 hash: 9837b620333971bc9ecbd284051335e9
humanhash: mexico-xray-delta-neptune
File name:9837b620333971bc9ecbd284051335e9.exe
Download: download sample
File size:418'304 bytes
First seen:2021-11-07 08:29:54 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9e3ac2424cecff905bdab3e7336b91cb (2 x RedLineStealer, 1 x RaccoonStealer, 1 x SystemBC)
ssdeep 6144:Z3OfCNGxuH4Ogi1A66076mKSvnjt9AqCruheHuzbgwu7igah1:Z3O6UQX1607rvjcqEuheHunnj7
TLSH T10F94E03076ECC839D6A70E308474D6B1163BBC126560A14BF6607B6E2E70FAC56F635E
File icon (PE):PE icon
dhash icon a1b4dcac9cccb484 (1 x ArkeiStealer, 1 x RedLineStealer, 1 x Amadey)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
109
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/202997/
Detection(s):
Win.Trojan.Generic-9906289-0
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/61878e8fd8143ea269cdafc9/reports/03c188b1-695b-46a9-8e09-8f32c189d4fc/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/8be0643f-ff43-4126-b630-9768b2fe4d09
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/884743
Signature
Creates autostart registry keys with suspicious names
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4c0eab34d29f544ccc591505f7b3ccf6e78a435a3911fa9408e252396950a383/
Threat name:
Win32.Ransomware.StopCrypt
Create hunting rule
Status:
Malicious
First seen:
2021-11-06 21:15:19 UTC
AV detection:
21 of 45 (46.67%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/211107-kd5wgafahr/
Behaviour
Suspicious use of WriteProcessMemory
Adds Run key to start application
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
f0ab3581dcd1c4380df110776b00c3e851cf7f4874506c9bf233af24888ed4e3
MD5 hash:
086cabcaf6ba4d02512c2a8e7ed0847a
SHA1 hash:
87e89d2761ed9f4b75eb6de0c1dc22925316c8de
Link:
https://www.unpac.me/results/78a4525c-d831-4aac-a10d-66871e8dd06d/
SH256 hash:
4c0eab34d29f544ccc591505f7b3ccf6e78a435a3911fa9408e252396950a383
MD5 hash:
9837b620333971bc9ecbd284051335e9
SHA1 hash:
a8b39a561f7e282cc36aaa3ed7bd415c24102db8
Link:
https://www.unpac.me/results/78a4525c-d831-4aac-a10d-66871e8dd06d/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/4c0eab34d29f/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4c0eab34d29f544ccc591505f7b3ccf6e78a435a3911fa9408e252396950a383

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 4c0eab34d29f544ccc591505f7b3ccf6e78a435a3911fa9408e252396950a383

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/202997/
  
URLhaus
https://urlhaus.abuse.ch/url/1755027/
  
Delivery method
Distributed via web download

Comments