MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f452da2126dcc7e7936b78a47785ab44deee92d0eb46223dee092bcc8120335. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4f452da2126dcc7e7936b78a47785ab44deee92d0eb46223dee092bcc8120335
SHA3-384 hash: beea4bb0bb11b83b41b26dc966be15572239c6901fb3cda0301008d1788511c2716ef75a675da6566a95b114d2f213a3
SHA1 hash: 49b6face09b00d55bb0809de8fbcc7f9ddccfda4
MD5 hash: e6eb772cdabde2f87373aa7bcd387d26
humanhash: fix-oklahoma-nineteen-yankee
File name:SecuriteInfo.com.Trojan.Uztuby.4.14494.27777
Download: download sample
File size:2'287'768 bytes
First seen:2022-06-25 00:09:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ae9f6a32bb8b03dce37903edbc855ba1 (28 x CryptOne, 18 x RedLineStealer, 15 x njrat)
ssdeep 24576:YOfNkuu6oLsSwHamh4R3vY17cSHTOhZSJC2ezN1Bt8q5/lvUU50xJpWWrZB2pWPs:H6s6NPSHTcF2eXBxvL0Hrj2lz
Threatray 1'505 similar samples on MalwareBazaar
TLSH T1EDB54609A147E27BFCFD08A7445090D4C29C7FAA7B128DCDE93AC59A141F482B7B6D87
TrID 89.0% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39)
3.5% (.EXE) Win64 Executable (generic) (10523/12/4)
2.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
1.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.5% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
294
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/283175/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a window
Сreating synchronization primitives
Searching for synchronization primitives
Creating a file in the %temp% directory
Launching a process
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/22788/overview
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
80%
Tags:
greyware overlay setupapi.dll shdocvw.dll shell32.dll
Link:
https://www.filescan.io/uploads/62b65232666084d7254c2842/reports/2b3d390c-c9e9-4fe3-b1f1-a76d56fa1526/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/8a733ea0-81f1-427a-9463-61b072444b38
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1019615
Signature
Antivirus detection for dropped file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 652111 Sample: SecuriteInfo.com.Trojan.Uzt... Startdate: 25/06/2022 Architecture: WINDOWS Score: 48 22 Antivirus detection for dropped file 2->22 9 SecuriteInfo.com.Trojan.Uztuby.4.14494.exe 3 8 2->9         started        process3 file4 20 C:\Users\user\AppData\Local\...\x0nRjm4C.cpl, PE32 9->20 dropped 12 control.exe 1 9->12         started        process5 process6 14 rundll32.exe 12->14         started        process7 16 rundll32.exe 14->16         started        process8 18 rundll32.exe 16->18         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4f452da2126dcc7e7936b78a47785ab44deee92d0eb46223dee092bcc8120335/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2022-06-25 02:41:00 UTC
AV detection:
15 of 26 (57.69%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=j5cs3iqsnxgh46jww6feo6c2wrg652jnb22gei664cjlzsasam2q._file
Verdict:
malicious
Similar samples:
1ba812e8f200b18b8f04bf694314c9b5127aa8a3ce5351ac389639fb69d6d528
2d1d2cd3f3cbce923d3db88aa44212210da57e9e032e2ff4a1766fe51ff1255e
384b35bfb6d07dda3ea948bb9aa47a3024822ff40d21a13932381d6386643acc
51e380e872b007b342e94119d6665cc15ce492964c82799117e50e2f103a5ac3
6c8131fc986f9477582f43530e0bdc660887285c83360c52e6b68876a57dc9b0
abc845a1bcb5a82c786c55f8f778cef56bcfb4e66eec07172c14fb4cf78dcfcc
b08e7b20a96d4bf0d2795d783b2b066abff7c0d82ccb15e616df533835193f5d
c21002370700932f744db40abd356df44e0a665459f20fa62b7703b865c48318
eddbfe52ba633950c388e0303d5a04453f9ba9e3a3cdc60f9a1355707cd209e6
+ 1'495 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/220625-af2aysgeej/
Behaviour
Modifies registry class
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Loads dropped DLL
Unpacked files
SH256 hash:
4f452da2126dcc7e7936b78a47785ab44deee92d0eb46223dee092bcc8120335
MD5 hash:
e6eb772cdabde2f87373aa7bcd387d26
SHA1 hash:
49b6face09b00d55bb0809de8fbcc7f9ddccfda4
Link:
https://www.unpac.me/results/54e707f7-59ce-4dc6-8a13-9f8b8b37ef39/
Malware family:
CryptOne
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/4f452da2126d/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4f452da2126dcc7e7936b78a47785ab44deee92d0eb46223dee092bcc8120335

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pdb_YARAify
Create hunting rule
Author:@wowabiy314
Description:PDB

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 4f452da2126dcc7e7936b78a47785ab44deee92d0eb46223dee092bcc8120335

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/283175/
  
URLhaus
https://urlhaus.abuse.ch/url/2249060/
  
Delivery method
Distributed via web download

Comments