MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4cca9091484e1b53c182d79607fe3c334c19176a1d5f8f91624c3565e24f49b8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4cca9091484e1b53c182d79607fe3c334c19176a1d5f8f91624c3565e24f49b8
SHA3-384 hash: 2d95b3021f04a4502ee8ac6022d0988728198513993972b5636650ebe478b8c75f49d6b300dad837ccedec54934c0d00
SHA1 hash: 761eae12ab1748b2450637822472c58663a2c041
MD5 hash: c583127f8d8cc307084f3071010d7cc8
humanhash: sixteen-white-lactose-carpet
File name:c583127f8d8cc307084f3071010d7cc8
Download: download sample
File size:353'792 bytes
First seen:2021-08-20 21:45:16 UTC
Last seen:2021-08-20 22:53:31 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash eff27d48d68df0af1612601744441acd (7 x RedLineStealer, 1 x RaccoonStealer, 1 x Smoke Loader)
ssdeep 6144:bZcp3+anf1v9fZhCQSx8gMPovz7ERoAMwd7Y5k8iR2Y4zgFnL:bO1+and9fZhyaPov3ERzQ5k8iRIsZL
Threatray 2 similar samples on MalwareBazaar
TLSH T15A740111B6B0E132E190943C9916C6905BFEA861FE70D1873F47E76E0EB1291DB3AF16
dhash icon 1072c292b0381902 (5 x RaccoonStealer, 3 x RedLineStealer, 1 x CryptBot)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
115
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
c583127f8d8cc307084f3071010d7cc8
Verdict:
Malicious activity
Analysis date:
2021-08-20 21:46:15 UTC
Tags:
trojan
Link:
https://app.any.run/tasks/729e9dc1-11d5-4947-90e3-4b5c2659f1e5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/181046/
Detection(s):
SecuriteInfo.com.Variant.Fragtor.9685.5920.14466.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Launching the default Windows debugger (dwwin.exe)
Creating a process from a recently created file
Sending a UDP request
Creating a window
Deleting of the original file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/2495c3f4-97f7-448c-851e-c65cb4c44350
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/836699
Signature
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 469130 Sample: rm6WP07iUv.exe Startdate: 20/08/2021 Architecture: WINDOWS Score: 72 53 Multi AV Scanner detection for domain / URL 2->53 55 Multi AV Scanner detection for submitted file 2->55 57 Machine Learning detection for sample 2->57 7 rm6WP07iUv.exe 3 2->7         started        process3 file4 29 C:\ProgramData\1UswGNSUBr.exe, PE32 7->29 dropped 31 C:\...\1UswGNSUBr.exe:Zone.Identifier, ASCII 7->31 dropped 10 1UswGNSUBr.exe 16 7->10         started        15 WerFault.exe 9 7->15         started        17 WerFault.exe 9 7->17         started        19 5 other processes 7->19 process5 dnsIp6 47 193.56.146.55, 49686, 49689, 80 LVLT-10753US unknown 10->47 49 bitbucket.org 104.192.141.1, 443, 49687 AMAZON-02US United States 10->49 51 3 other IPs or domains 10->51 33 C:\ProgramData\OGGmMKsvfa.exe, PE32 10->33 dropped 59 Multi AV Scanner detection for dropped file 10->59 61 Machine Learning detection for dropped file 10->61 21 WerFault.exe 10->21         started        23 WerFault.exe 10->23         started        25 WerFault.exe 10->25         started        27 5 other processes 10->27 35 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 15->35 dropped 37 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 17->37 dropped 39 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 19->39 dropped 41 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 19->41 dropped 43 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 19->43 dropped 45 2 other malicious files 19->45 dropped file7 signatures8 process9
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4cca9091484e1b53c182d79607fe3c334c19176a1d5f8f91624c3565e24f49b8/
Threat name:
Win32.Trojan.Fragtor
Create hunting rule
Status:
Malicious
First seen:
2021-08-20 21:46:07 UTC
AV detection:
23 of 47 (48.94%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
1a512b670911187dd2cc6a04b8da5d96b70df6129234b4fd97e30fcda7470365
a050c0bd12d9a09611dbce5d20787e37f907996908edb311570530feab91efed
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210820-mpeekl4fvx/
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Legitimate hosting services abused for malware hosting/C2
Deletes itself
Drops startup file
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
ed08cb5a40ff40bfa398b1a3ac6d2ab9cc92b56e971287c94463dd389fb5f26a
MD5 hash:
d299991063d72d9e2b9d93f6cc1cb70d
SHA1 hash:
48c115b11a614aeb6c7575bc0e7966a4d4cc7cb2
Link:
https://www.unpac.me/results/b9bad78f-3fc2-4775-b58d-642ab575b56d/
SH256 hash:
4cca9091484e1b53c182d79607fe3c334c19176a1d5f8f91624c3565e24f49b8
MD5 hash:
c583127f8d8cc307084f3071010d7cc8
SHA1 hash:
761eae12ab1748b2450637822472c58663a2c041
Link:
https://www.unpac.me/results/b9bad78f-3fc2-4775-b58d-642ab575b56d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4cca9091484e1b53c182d79607fe3c334c19176a1d5f8f91624c3565e24f49b8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 4cca9091484e1b53c182d79607fe3c334c19176a1d5f8f91624c3565e24f49b8

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1525305/
  
URLhaus
https://urlhaus.abuse.ch/url/1523998/
  
URLhaus
https://urlhaus.abuse.ch/url/1524012/
  
URLhaus
https://urlhaus.abuse.ch/url/1529939/
Cape
Cape
https://www.capesandbox.com/analysis/181046/

Comments


Avatar
zbet commented on 2021-08-20 21:45:17 UTC

url : hxxp://91.241.19.52/Api/GetFile3/