MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c24ac18d41ffce9f28f6cdaede3f14cb9010e373bb0ed6150b1cd84122db47e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5c24ac18d41ffce9f28f6cdaede3f14cb9010e373bb0ed6150b1cd84122db47e
SHA3-384 hash: 189ad9b596becb0eb1c5a6c7b5b8bca8bc173d72b6a15e894f5286db6cfadb4e69bc97a7cfef709999b04371548170d1
SHA1 hash: 5ccd242e9031fa4ffa52fc2d5351c41cfeb27694
MD5 hash: 1fe5b3911cfbe47ba1d97a2b6a3b115c
humanhash: batman-leopard-massachusetts-high
File name:1fe5b3911cfbe47ba1d97a2b6a3b115c
Download: download sample
File size:126'976 bytes
First seen:2022-01-31 00:53:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f326f88ca83c9aacaa44acfb8884f1d4 (8 x RedLineStealer, 4 x DCRat, 2 x CoinMiner)
ssdeep 3072:c/25jvDSgsqsb5Uh28vAbTV1WW69B9VjMdxPedN9ug0z9TBfFS8W:/tzsb5Uh28+V1WW69B9VjMdxPedN9ug/
Threatray 562 similar samples on MalwareBazaar
TLSH T180C3275BB2E01188EBB581F6D5920786EB7074721714A3DB1B7863B71B2B8C59F3D3A0
Reporter zbetcheckin
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
171
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
1fe5b3911cfbe47ba1d97a2b6a3b115c
Verdict:
No threats detected
Analysis date:
2022-01-31 01:00:25 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/7bfd1614-47c9-4ba4-8cc5-9be2fd7eae8d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/228202/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Stealer.27269.24432.13950.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Running batch commands
Using the Windows Management Instrumentation requests
Searching for the window
Creating a file
Launching the default Windows debugger (dwwin.exe)
DNS request
Launching a tool to kill processes
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/5541/overview
Behaviour
MalwareBazaar
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed shell32.dll
Link:
https://www.filescan.io/uploads/61f7332ed7fd65ae55f96163/reports/dc9e56f8-b3db-4fca-bf40-5b19e731367d/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/83631851-8fdd-4423-b411-87e51931cd09
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/930613
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5c24ac18d41ffce9f28f6cdaede3f14cb9010e373bb0ed6150b1cd84122db47e/
Threat name:
Win64.Trojan.Bitser
Create hunting rule
Status:
Malicious
First seen:
2022-01-30 04:04:47 UTC
File Type:
PE+ (Exe)
Extracted files:
3
AV detection:
13 of 28 (46.43%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
069b31cb7f9054647b684da4fc5263fa690e32d75729ec6b5c808b0c532b9628
0757a3b97f39c1d8a6c3d94770762a3912304cfaffa0330761945acd7f236213
1282a0833d9c7c08cba67ad6424cb6205fd6d997a7d8e789be07d9db2381f487
19f71da28ebab8fe7256a657c603698ad607a7273e85d0e8b107269643cfa5dd
a8d8a6f9478a60a05d3b8c57a616da20c83b99bc7877c46163fcd126bbb25409
b88350726e9a1dc492b8fde7c03fdd0f5c7669b6919e1c25ddbcb8a69125c330
ca1c052698c5a5c7e5ddcd14a95709288a364cd0be7fa06d03c62c2ead4ea78b
f98183a2ad674f8aae6ad47e7da8b48c80175148ba333f0f57b3e6eca64bfaa6
+ 552 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220131-a8869sdeg8/
Behaviour
Kills process with taskkill
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
5c24ac18d41ffce9f28f6cdaede3f14cb9010e373bb0ed6150b1cd84122db47e
MD5 hash:
1fe5b3911cfbe47ba1d97a2b6a3b115c
SHA1 hash:
5ccd242e9031fa4ffa52fc2d5351c41cfeb27694
Link:
https://www.unpac.me/results/be5f336d-d971-4d4c-89d1-e0fb997d38e8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5c24ac18d41ffce9f28f6cdaede3f14cb9010e373bb0ed6150b1cd84122db47e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 5c24ac18d41ffce9f28f6cdaede3f14cb9010e373bb0ed6150b1cd84122db47e

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2017259/
Cape
Cape
https://www.capesandbox.com/analysis/228202/

Comments


Avatar
zbet commented on 2022-01-31 00:53:23 UTC

url : hxxps://f1cheats.org/realdownload/notF1Cheats.exe