MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5cf55c9824d5c162a1f18f76c5b146a5c703b0d234c984045ac5849026411792. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CryptOne
Vendor detections: 11

SHA256 hash: 5cf55c9824d5c162a1f18f76c5b146a5c703b0d234c984045ac5849026411792
SHA3-384 hash: 6987b867cd058f55621c114ba65761238c69b7edf4120d72161261829719ab99f87380bb4b73d3508d4f5252cf48eee4
SHA1 hash: 1a9655499c10006513478c16f7d77052d2f7e6da
MD5 hash: 7a2504d21a60af573655987b7ae53ea3
humanhash: enemy-emma-tennessee-jersey
File name: SecuriteInfo.com.Trojan.Uztuby.4.25506.25923
Signature: CryptOne
File size: 1'981'270 bytes
First seen: 2023-06-29 15:29:07 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 0e806fd55a4f41060c8e206a25d6875a (10 x CryptOne)
ssdeep: 49152:W+Whq+BfJXAEEI/bX8aL7zaEa8tCzVNSxSlnsZ:W+Whq+BfKEx/TDvaEaSxysZ
Threatray: 541 similar samples on MalwareBazaar
TLSH: T1769523027BC084B2C6735E336F66A3307A7DF9285F459ECFC791482DAE709C19236696
TrID:
  88.3% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
  4.7% (.EXE) Win64 Executable (generic) (10523/12/4)
  2.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
  2.0% (.EXE) Win32 Executable (generic) (4505/5/1)
  0.9% (.EXE) OS/2 Executable (generic) (2029/13)
dhash icon: b3b3b371716b93b3 (25 x CryptOne, 12 x RemcosRAT, 6 x RedLineStealer)
Reporter: SecuriteInfoCom
Tags: CryptOne exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 327
Origin country: FR
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: SecuriteInfo.com.Trojan.Uztuby.4.25506.25923
Verdict: Suspicious activity
Analysis date: 2023-06-29 15:31:22 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Behaviour:
  Creating a window
  Searching for the window
  Creating synchronization primitives
  Searching for synchronization primitives
  Creating a file in the %temp% directory
  Launching a process
  Sending a custom TCP request
Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour:
  MalwareBazaar
  MeasuringTime
  EvasionQueryPerformanceCounter
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: anti-vm control crypto greyware lolbin overlay packed replace setupapi shdocvw shell32
Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: n/a
Detection: malicious
Classification: evad
Score: 60 / 100
Signature:
  Multi AV Scanner detection for dropped file
  Multi AV Scanner detection for submitted file
  Tries to detect sandboxes / dynamic malware analysis system (file name check)
Behaviour
Behavior Graph ID: 896401
Sample: SecuriteInfo.com.Trojan.Uzt...
Startdate: 29/06/2023
Architecture: WINDOWS
Score: 60
Process tree (each signature listed next to the node that raised it):
  [root] Multi AV Scanner detection for dropped file; Multi AV Scanner detection for submitted file
  SecuriteInfo.com.Trojan.Uztuby.4.25506.25923.exe (started)
    dropped: C:\Users\user\AppData\Local\Temp\~nRPF.Eb1 (PE32)
    control.exe (started)
      rundll32.exe (started) - Tries to detect sandboxes / dynamic malware analysis system (file name check)
        rundll32.exe (started)
          rundll32.exe (started) - Tries to detect sandboxes / dynamic malware analysis system (file name check)
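The process tree above (the sample drops a PE32 named ~nRPF.Eb1 into %Temp%, starts control.exe, and control.exe starts a nested set of rundll32.exe processes) is the footprint of a Control Panel item being run through the operating system's own binaries: control.exe executes an item by starting rundll32.exe with shell32.dll,Control_RunDLL, which is why TrID rates the file 88.3% CPL and the tags include control, lolbin and shell32. The detection below is an added example, not part of the MalwareBazaar entry or of any vendor's report. It walks constructed Sysmon Event ID 1-style process-creation records modelled on that graph; only the process names and the dropped path are taken from the page, while the PIDs, command lines, user name and the benign Control Panel launch at the end are assumptions for illustration.

```python
"""Flag the control.exe -> rundll32.exe (Control_RunDLL) chain seen in the behaviour graph.

Added example, not part of the MalwareBazaar entry or any vendor report.
The events below are constructed to mirror that graph: the process names and
the dropped path come from the page; PIDs, command lines, the user name and
the benign Control Panel launch at the end are assumptions.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Directories a dropper writes to; a Control Panel item living here is abnormal.
TEMP_DIR = re.compile(r"\\(AppData\\Local\\Temp|Windows\\Temp)\\", re.IGNORECASE)
# Splits a Windows command line into quoted or bare tokens.
TOKEN = re.compile(r'"([^"]+)"|(\S+)')

# Constructed Sysmon Event ID 1-style records: (pid, ppid, image, command line).
SAMPLE_EVENTS = [
    (1000, 700, r"C:\Windows\explorer.exe", "explorer.exe"),
    (2200, 1000,
     r"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Uztuby.4.25506.25923.exe",
     r'"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Uztuby.4.25506.25923.exe"'),
    (2300, 2200, r"C:\Windows\System32\control.exe",
     r'"C:\Windows\System32\control.exe" "C:\Users\user\AppData\Local\Temp\~nRPF.Eb1"'),
    (2400, 2300, r"C:\Windows\System32\rundll32.exe",
     r'"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\user\AppData\Local\Temp\~nRPF.Eb1"'),
    (2500, 2400, r"C:\Windows\System32\rundll32.exe",
     r'"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\user\AppData\Local\Temp\~nRPF.Eb1"'),
    (2600, 2500, r"C:\Windows\System32\rundll32.exe",
     r'"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\user\AppData\Local\Temp\~nRPF.Eb1"'),
    # Benign (assumed): the user opens Control Panel from the shell, no rundll32 child.
    (3100, 1000, r"C:\Windows\System32\control.exe", r'"C:\Windows\System32\control.exe"'),
]


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str

    @property
    def name(self) -> str:
        return self.image.rsplit("\\", 1)[-1].lower()


@dataclass
class Finding:
    control_pid: int
    chain: List[int]      # pids from the launching parent down through every rundll32
    reasons: List[str]


def _rundll32_descendants(events: List[ProcEvent], pid: int) -> List[ProcEvent]:
    """All rundll32.exe processes below pid, however deeply nested."""
    found, stack = [], [e for e in events if e.ppid == pid]
    while stack:
        e = stack.pop()
        if e.name == "rundll32.exe":
            found.append(e)
        stack.extend(c for c in events if c.ppid == e.pid)
    return found


def _first_argument(cmdline: str) -> Optional[str]:
    """The first argument after the executable, unquoted, or None."""
    tokens = [quoted or bare for quoted, bare in TOKEN.findall(cmdline)]
    return tokens[1] if len(tokens) > 1 else None


def find_cpl_lolbin_chains(raw_events: Iterable[tuple]) -> List[Finding]:
    events = [ProcEvent(*r) for r in raw_events]
    by_pid = {e.pid: e for e in events}
    findings = []
    for ctl in events:
        if ctl.name != "control.exe":
            continue
        # control.exe runs a Control Panel item by starting
        # rundll32.exe shell32.dll,Control_RunDLL <item>; without that child no item ran.
        rundlls = [r for r in _rundll32_descendants(events, ctl.pid)
                   if "control_rundll" in r.cmdline.lower()]
        if not rundlls:
            continue
        reasons = []
        parent = by_pid.get(ctl.ppid)
        if parent is None or parent.name != "explorer.exe":
            who = parent.name if parent else "unknown"
            reasons.append(f"control.exe started by {who}, not by the shell")
        arg = _first_argument(ctl.cmdline)
        if arg and TEMP_DIR.search(arg):
            reasons.append(f"Control Panel item loaded from a temp directory: {arg}")
        if arg and not arg.lower().endswith(".cpl"):
            # As on this page (~nRPF.Eb1): the item ran although it carries no .cpl extension.
            reasons.append(f"Control Panel item without .cpl extension: {arg}")
        if reasons:
            chain = [ctl.ppid, ctl.pid] + sorted(r.pid for r in rundlls)
            findings.append(Finding(ctl.pid, chain, reasons))
    return findings


if __name__ == "__main__":
    for f in find_cpl_lolbin_chains(SAMPLE_EVENTS):
        print("control.exe pid", f.control_pid, "chain", " -> ".join(map(str, f.chain)))
        for r in f.reasons:
            print("  -", r)
```

Run against the constructed events, the sample's control.exe (pid 2300) is reported once with all three indicators and the full pid chain, while the assumed Control Panel launch from explorer.exe is not, because it never hands an item to rundll32.exe. In production the tuples would be replaced by the ParentProcessId, ProcessId, Image and CommandLine fields of Sysmon Event ID 1; the three indicators are kept separate so that a control.exe started by a non-shell parent with a .cpl from System32 still surfaces, at lower priority, instead of disappearing behind the temp-directory check.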
Threat name: Win32.Trojan.Uztuby
Status: Malicious
First seen: 2023-06-29 15:30:07 UTC
File Type: PE (Exe)
Extracted files: 18
AV detection: 12 of 36 (33.33%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour:
  Suspicious use of WriteProcessMemory
  Enumerates physical storage devices
  Checks computer location settings
  Loads dropped DLL
Unpacked files:
  SHA256 hash: df39e940af0cf85810c137fdbf6f0cc3b1dcf2de45d4259f2fc06457622fc65e
  MD5 hash: 3f3b986a46e4284242842e2fc0529b7f
  SHA1 hash: e2badf4e5fc93e02ba894dc80d2ca791779dd8ae

  SHA256 hash: 5cf55c9824d5c162a1f18f76c5b146a5c703b0d234c984045ac5849026411792
  MD5 hash: 7a2504d21a60af573655987b7ae53ea3
  SHA1 hash: 1a9655499c10006513478c16f7d77052d2f7e6da
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: CryptOne
File type: Executable exe
SHA256: 5cf55c9824d5c162a1f18f76c5b146a5c703b0d234c984045ac5849026411792 (this sample)

Comments