MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c1a5761cf8f62168d6e01b29a801bb5e99aab594263f9f77051f1d4a2c0b5b4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5c1a5761cf8f62168d6e01b29a801bb5e99aab594263f9f77051f1d4a2c0b5b4
SHA3-384 hash: 32207cd38ed36fdc1df0fddcd371dbff1e3475751fd796f742c4d1290be7e48b4c1a6a5267a9abc4e15efeb4fcf63a02
SHA1 hash: f66002b7a9ed4eb0fff3ec773b9df1b040de1710
MD5 hash: 881fd340ce9f4a12833fcc988085efa6
humanhash: fillet-two-pennsylvania-island
File name:881fd340ce9f4a12833fcc988085efa6.exe
Download: download sample
File size:1'574'618 bytes
First seen:2023-07-21 05:52:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 91e96141ed5dbe3bc541c8aad7ff3c38 (22 x CryptOne, 7 x njrat, 5 x DCRat)
ssdeep 49152:BllLtOvB8y4eXOAU2NAHUfSqtXPEPA/S0ZoLybv6LpZ:BllLOG76AgSqtV/SwVv6tZ
Threatray 58 similar samples on MalwareBazaar
TLSH T16D752312B6C1C8B2D9E7153519E19B757B3CBD306B368EDB53446A1E8E349C0DA383A3
TrID 91.0% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39)
3.6% (.EXE) Win64 Executable (generic) (10523/12/4)
1.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.5% (.EXE) Win32 Executable (generic) (4505/5/1)
0.6% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
251
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
881fd340ce9f4a12833fcc988085efa6.exe
Verdict:
Malicious activity
Analysis date:
2023-07-21 05:57:43 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/7ea4af7a-a84d-4735-af8e-810ce9e063a9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/427287/
Detection(s):
SecuriteInfo.com.Variant.Fugrafa.267521.30514.22927.UNOFFICIAL
Create hunting rule

Gathering data
Verdict:
Malicious
Labled as:
Trojan.Agent
Link:
https://www.hybrid-analysis.com/sample/5c1a5761cf8f62168d6e01b29a801bb5e99aab594263f9f77051f1d4a2c0b5b4
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/12938207-e1d5-4125-bbaa-d1b026dd0bd6
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1277332
Signature
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to detect sandboxes / dynamic malware analysis system (file name check)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5c1a5761cf8f62168d6e01b29a801bb5e99aab594263f9f77051f1d4a2c0b5b4/
Threat name:
Win32.Trojan.Uztuby
Create hunting rule
Status:
Malicious
First seen:
2023-07-20 16:02:56 UTC
File Type:
PE (Exe)
Extracted files:
18
AV detection:
21 of 36 (58.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lqnfoyopr5rbndloagzjvaa3wxuzvk2zijr7t53qkhy5jiwaww2a._file
Verdict:
unknown
Similar samples:
014e574ce2454214c7aa61d94ebb9be669ead513d2bb60b9fdf527907c088792
22d63c0ca31019e77eb995fed035cac211e6d82e24e6d54105e26adc0c2d0373
278305d714746ff033e5b15a7b93a26ec56fbf9f32a8b0cd036b352667fe8c34
3d46e0a434a318139ea0d258b25d1aeb6675c1221fced184970b0f5e59e76cbd
81c2ce98187e55391b67b181ba9f4e26ff2593bef4a02aefa46fe602b3c48381
9eabc737fcd4b9e3ee124a01cc30943e31d92a64e177be4e096d42b85359fe17
de4cd2e5d0d0969ef21f93c4f33dad620c8383b24d2dd8c361403d69b20178f0
e4c701c10cc4eeceb1e344e31e05eda5683d40ccb39e0b8473d7750227287063
fa9884511a32bb9801860bc8aee5c3fd408d767f7676e6a54fb666d83ffc82e1
+ 48 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/230721-glb2kscb93/
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Loads dropped DLL
Unpacked files
SH256 hash:
5c1a5761cf8f62168d6e01b29a801bb5e99aab594263f9f77051f1d4a2c0b5b4
MD5 hash:
881fd340ce9f4a12833fcc988085efa6
SHA1 hash:
f66002b7a9ed4eb0fff3ec773b9df1b040de1710
Link:
https://www.unpac.me/results/b5dea688-2a2a-4c47-9e20-394d154ea9df/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5c1a5761cf8f62168d6e01b29a801bb5e99aab594263f9f77051f1d4a2c0b5b4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 5c1a5761cf8f62168d6e01b29a801bb5e99aab594263f9f77051f1d4a2c0b5b4

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2685099/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/427287/

Comments