MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4cdace17e01f554f4fc14414d4a634136c7c3afe58d09a7eee935ebeefc17540. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 10


SHA256 hash: 4cdace17e01f554f4fc14414d4a634136c7c3afe58d09a7eee935ebeefc17540
SHA3-384 hash: 1d9b2ee4644fb8c05426ef6f810d5275bd19f1009320d64a877c68c5cd779fe73d368a81dd667c0eb1984bf34a142600
SHA1 hash: afb83e800aa497d120daf59ed5ef9ccfcd04f2df
MD5 hash: 2cf3c81b3b2a388090324727fc5a2853
humanhash: oxygen-minnesota-red-massachusetts
File name: file
File size: 16'455'192 bytes
First seen: 2022-11-15 21:22:23 UTC
Last seen: 2022-11-15 22:48:29 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: e569e6f445d32ba23766ad67d1e3787f (259 x Adware.Generic, 41 x RecordBreaker, 24 x RedLineStealer)
ssdeep: 393216:E4qjdwEH+f2q6VhgQa++qQHBSCGYD/PO9koXFP9Ato4k:HEeSNa++JZHDn2kQB9Ag
Threatray: 3 similar samples on MalwareBazaar
TLSH: T110F6333FB22C653ED9AE0B3258738220A877BB65A81BCC0F17F4454CDF625605E3B656
TrID:
  59.6% (.EXE) Inno Setup installer (109740/4/30)
  22.5% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
  5.7% (.EXE) Win64 Executable (generic) (10523/12/4)
  3.5% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  2.4% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE): PE icon
dhash icon: 1270cc92caccd496
Reporter: jstrosch
Tags: exe signed

Code Signing Certificate

Organisation: Rocketship Apps, LLC
Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Algorithm: sha256WithRSAEncryption
Valid from: 2021-12-22T00:00:00Z
Valid to: 2022-12-21T23:59:59Z
Serial number: 029776aa5671184c563a2033100df5c6
Intelligence: 3 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint algorithm: SHA256
Thumbprint: c4cba8207ce200764a7758c370a24eaf33b99c4ed76ef84ac6a59eecb5c48208
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads: 2
# of downloads: 190
Origin country: n/a

Vendor Threat Intelligence

Malware family: redline
ID: 1
File name: 26f3ab3022c32610a89a7299d0074351.exe
Verdict: Malicious activity
Analysis date: 2022-11-15 13:50:48 UTC
Tags: installer evasion loader trojan rat redline raccoon recordbreaker amadey stealer vidar miner tofsee

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
- Creating a file in the %temp% subdirectories
- Creating a window
- Creating a process from a recently created file
- Creating synchronization primitives
- Searching for synchronization primitives
- Creating a file
- DNS request
- Connecting to a non-recommended domain
- Sending a custom TCP request
- Searching for the window

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: coinminer overlay packed setupapi.dll shell32.dll virus
Result
Verdict: MALICIOUS

Result
Threat name: Unknown
Detection: clean
Classification: evad
Score: 18 / 100
Signature: Obfuscated command line found
Behaviour
Behavior Graph: n/a

Threat name: Win32.Trojan.Miner
Status: Malicious
First seen: 2022-11-02 13:20:00 UTC
File Type: PE (Exe)
AV detection: 4 of 26 (15.38%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
- Suspicious use of WriteProcessMemory
- Loads dropped DLL
- Executes dropped EXE

Verdict: Suspicious
Tags: n/a
YARA: n/a
Unpacked files
SHA256 hash: a08700948e43386b82b549cdbacf6e18a6fe63253ab389afac3ea498d87d9fc7
MD5 hash: 5d9cca5da50171a9b3cd8a8d9089ac4f
SHA1 hash: 85aa8a5cff328ac5d2434febca2df8b973316ace

SHA256 hash: 4cdace17e01f554f4fc14414d4a634136c7c3afe58d09a7eee935ebeefc17540
MD5 hash: 2cf3c81b3b2a388090324727fc5a2853
SHA1 hash: afb83e800aa497d120daf59ed5ef9ccfcd04f2df
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Executable exe 4cdace17e01f554f4fc14414d4a634136c7c3afe58d09a7eee935ebeefc17540 (this sample)

Delivery method
Distributed via web download
