MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 57bda91e2199572cc00cb017e6d3b7fb313b22e8a2f77875df801cc256af4dcf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 57bda91e2199572cc00cb017e6d3b7fb313b22e8a2f77875df801cc256af4dcf
SHA3-384 hash: 1c8e4f7403cef61126e73c0c2b413869cb8cec2ebbc95ee0c5fa69794dcd3c364737302e38ce726ee2dd0722a712fa87
SHA1 hash: c6c536ba5e83b81ec20a71a683b55832a4b809f8
MD5 hash: fd9dafcb1f13afb52b820e67503fcf07
humanhash: north-batman-neptune-wyoming
File name:fd9dafcb1f13afb52b820e67503fcf07
Download: download sample
File size:431'616 bytes
First seen:2021-12-07 17:50:34 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4eb02e1fe9496df33596532c6e671ce9 (2 x RedLineStealer, 2 x RaccoonStealer, 2 x Smoke Loader)
ssdeep 6144:F5OG5fWB7SL5JiarBH605WH8CStDHPphXhrlrFJuZ3DRgxvfOR02gu:F5OefWBj+wOtDHxrlxJuZTRgpORd
Threatray 85 similar samples on MalwareBazaar
TLSH T10094BF00E6E0D035F5B316F89AB59368A93E7EA15B3490CF52D426EA5774AE0EC3071B
File icon (PE):PE icon
dhash icon b2dacabecee6aaa6 (1 x CoinMiner, 1 x RedLineStealer)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
146
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
fd9dafcb1f13afb52b820e67503fcf07
Verdict:
Malicious activity
Analysis date:
2021-12-07 18:05:10 UTC
Tags:
trojan evasion
Link:
https://app.any.run/tasks/74c8d310-c580-491d-9c12-ea66a2bb1832

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/212250/
Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Query of malicious DNS domain
Sending an HTTP GET request to an infection source
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/1250/overview
Behaviour
MalwareBazaar
SystemUptime
MeasuringTime
CheckCmdLine
EvasionQueryPerformanceCounter
EvasionGetTickCount
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/61af9f094d8e6f3a5e177cff/reports/33cab010-0c34-47a4-bb1b-f4bc10a0256a/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/3c131379-6135-4080-a22c-fd08bbd57b47
Result
Threat name:
MedusaHTTP
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/903325
Signature
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected MedusaHTTP
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/57bda91e2199572cc00cb017e6d3b7fb313b22e8a2f77875df801cc256af4dcf/
Threat name:
Win32.Ransomware.StopCrypt
Create hunting rule
Status:
Malicious
First seen:
2021-12-07 17:51:07 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
24 of 28 (85.71%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
071cd8b46610c8e896a184a0b92dcaf7770c36badbdbdf3179cbfc208084e919
162ab00c0e943f9548b04f3437867508656480585369cb705613dd3accfd54c2
233a1f1dcbb679d31dab7744358b434cccabfc752baf53ba991388ced098f7c8
3bdcd4071feaaedd310ca11a2c598e95da859016b73236992ab8cca3b97d7faf
500fac9441ad73605875e83b17b9d116ef8e016131f7e5dc19ae0a2ebbf701ea
521ee4ebc055c938cef4592146f0db06bdc9785e06cec3137d9a6eeca4d10c51
a9dc8bc2e80847e41c306c393801632e02efcd1a516cea1104912c4ccaefa8a6
d035415df5f3a9180697a6aa8e8561e3cbc6a8c561be653247d8a93dc64c556a
+ 75 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/211207-we6d6sbhep/
Behaviour
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Unpacked files
SH256 hash:
879d4fb3080ee21ff958e9a4b98d4a1d9711c8e03f8272b2bed24b0a37e5ac64
MD5 hash:
bfd7a642e745eea5cecf70bfb4cda3f8
SHA1 hash:
ff5ae19506714f99383a614096b0f067d22cd6ae
Link:
https://www.unpac.me/results/432a2742-ce08-43eb-b5f9-e73f362d5b90/
SH256 hash:
57bda91e2199572cc00cb017e6d3b7fb313b22e8a2f77875df801cc256af4dcf
MD5 hash:
fd9dafcb1f13afb52b820e67503fcf07
SHA1 hash:
c6c536ba5e83b81ec20a71a683b55832a4b809f8
Link:
https://www.unpac.me/results/432a2742-ce08-43eb-b5f9-e73f362d5b90/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/57bda91e2199572cc00cb017e6d3b7fb313b22e8a2f77875df801cc256af4dcf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 57bda91e2199572cc00cb017e6d3b7fb313b22e8a2f77875df801cc256af4dcf

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/212250/

Comments


Avatar
zbet commented on 2021-12-07 17:50:35 UTC

url : hxxp://highart.top/foradvertisingwwk.exe