MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 56288aa7af61d7110f116681c6785f3ac6ffc269bd7a6a5051040b803c4dbea4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 56288aa7af61d7110f116681c6785f3ac6ffc269bd7a6a5051040b803c4dbea4
SHA3-384 hash: 73b81a2544c602a160baf796ef860019794da9ebc6c7c75217a6f230e05ed580c3b28f03e9f97b74c2f8f43cc703887c
SHA1 hash: b39ba1790feca1e62225f7a74d12d3af52f42a0a
MD5 hash: a172105e656889fde4cfa937ce83530b
humanhash: hawaii-carpet-kansas-quebec
File name:a172105e656889fde4cfa937ce83530b.exe
Download: download sample
File size:654'848 bytes
First seen:2022-02-07 14:54:14 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 059e939bc149cd78a08e6bfa706a4e4a (2 x RedLineStealer, 1 x ArkeiStealer, 1 x Loki)
ssdeep 12288:alaxPh6r9eSo+jlHbca8WKO085G3vXZaBLTPL8x0ylLVnbs/u4X+Lt:7wJeSllAO08G3xavL8x0obs2U+R
Threatray 899 similar samples on MalwareBazaar
TLSH T186D4F110BA90C035E5BB06F086B5D3ACB52F7AF25B3495CB63E61ADA06356E0DC31357
File icon (PE):PE icon
dhash icon b2dacabecee6baa6 (148 x RedLineStealer, 145 x Stop, 100 x Smoke Loader)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
112
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/235893/
Detection(s):
Win.Packed.Filerepmalware-9938531-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Creating a file in the %AppData% subdirectories
Сreating synchronization primitives
Query of malicious DNS domain
Sending an HTTP GET request to an infection source
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/6259/overview
Behaviour
MalwareBazaar
SystemUptime
CPUID_Instruction
MeasuringTime
EvasionGetTickCount
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/620132ca4077c8b9a01b6ade/reports/13543e19-50e3-471e-b1b9-50cf2ad9b679/overview
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/644294ad-c16d-48fb-b8ed-6d82562fba62
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spre.troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/935261
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/56288aa7af61d7110f116681c6785f3ac6ffc269bd7a6a5051040b803c4dbea4/
Threat name:
Win32.Trojan.Raccrypt
Create hunting rule
Status:
Malicious
First seen:
2022-02-07 14:55:18 UTC
File Type:
PE (Exe)
Extracted files:
18
AV detection:
21 of 28 (75.00%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
2926ccc6367bf654ba9e7d5c8b3c1fd27d8af6241febf30bfe116476be12d316
44162c70a77cd897fec36313ee660ba4c4df34fb96e62d3a1a8b8ca0b26a9a3e
556274658598eef16051157d298e3a1062d46ebee23bf491268a68c3a8996be5
8fcfdca4fec3425766fc7a684dbfbb471766633a288d5d449ebe4c0e0bc0431f
96feb301b146625ffc5c397df1c72bc77c7f76e817f4adc294962a4d034841d9
bb57cf105b3589eae3a916d922eab0b3bad2672980700cfed98d5321084cf49a
fd1950809cc08c90a09af1289b6107d2f86f4873eca54d2ef2baf3a0590a5491
+ 889 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
suricata
Link:
https://tria.ge/reports/220207-sahwjadcgj/
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Enumerates physical storage devices
Drops file in Windows directory
Legitimate hosting services abused for malware hosting/C2
Checks computer location settings
suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Unpacked files
SH256 hash:
86cec2665ff431668f274fecddf883fb5b532c06ee1a495ce60d5fbbb90c3a33
MD5 hash:
f7246b8631cad60d643fe3625a823397
SHA1 hash:
3aabf69029480970b338bb37a511d307aaf40c79
Link:
https://www.unpac.me/results/5d257f0a-fd7f-46d9-83a0-cd80872bf2d5/
SH256 hash:
56288aa7af61d7110f116681c6785f3ac6ffc269bd7a6a5051040b803c4dbea4
MD5 hash:
a172105e656889fde4cfa937ce83530b
SHA1 hash:
b39ba1790feca1e62225f7a74d12d3af52f42a0a
Link:
https://www.unpac.me/results/5d257f0a-fd7f-46d9-83a0-cd80872bf2d5/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 56288aa7af61d7110f116681c6785f3ac6ffc269bd7a6a5051040b803c4dbea4

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1942109/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/235893/

Comments