MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6112f44b8cf74d6b41fce94eb324b518c2cc3051a7aee076c904735ec8d34365. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6112f44b8cf74d6b41fce94eb324b518c2cc3051a7aee076c904735ec8d34365
SHA3-384 hash: 526274cbb0c886ffb3465115feb5d1181945d50899df68374bf156d26e84b03b8215517b049be8cdd3423e23b8c1452f
SHA1 hash: c05d06777824ae065181e908d3284efe9fadd1cb
MD5 hash: f27817607704cc0048e2bd0c422df41b
humanhash: monkey-cardinal-virginia-texas
File name:f27817607704cc0048e2bd0c422df41b
Download: download sample
File size:3'769'752 bytes
First seen:2021-11-11 21:16:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fcf1390e9ce472c7270447fc5c61a0c1 (863 x DCRat, 118 x NanoCore, 94 x njrat)
ssdeep 98304:JmBxbnfaB6MYstecFMo9l3GwBd3LdjyynNQRzl:IBx66GteOMEBBd3LdXNQRp
Threatray 1'158 similar samples on MalwareBazaar
TLSH T1B8063383F5E1E572D9B01E7619185FE020397D200F269ED7B3943D1EEA250E1AF24BA7
File icon (PE):PE icon
dhash icon 9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
112
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/205132/
Detection(s):
SecuriteInfo.com.Gen.Variant.Razy.582340.18684.14597.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
evasive greyware overlay packed
Link:
https://www.filescan.io/uploads/618d88533edf00a722cf37c4/reports/9184bcd8-2cfb-4d04-8a5e-d5c2ed71623e/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/5f9c9c21-e8a4-4824-ac24-43904f0f3f93
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/887794
Signature
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6112f44b8cf74d6b41fce94eb324b518c2cc3051a7aee076c904735ec8d34365/
Threat name:
ByteCode-MSIL.Trojan.Reline
Create hunting rule
Status:
Malicious
First seen:
2021-11-11 21:17:09 UTC
AV detection:
13 of 44 (29.55%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
13713a7b6d609042754fb59c1c9f3049c27c5ac8b052fd2e71f4025b8bc8e8ad
1a3736d0a59836c3feecb448a77c4ab269dbd29df9de58ef81070129e248eb6c
4f21ab65d432de2cf873d496e6a54514e12c62f4cc12623cab84f001b7380cb2
6208bcf39112f17ddce04ccc8eafa989009cf857f9adac40345dadd8863a0850
7e4bc5c98691dd99d7c856dc26110113c15d72fb5b8a73db75a9c9b2bee021e2
a75a498d8ec7bf58a12c07fac6ad98c5581a422cca03fa3ca87b01677f37247e
aa5e9ff271143c3cd205988c3100f1bb844d70d2930f04a2b2002e9c0951a74e
d2330df06094349f53773a89ff96e2f009e744b249fb1960e536bbbfaf7b5321
d38d3544130adfe47d06015ed85886b9ab6c1e4534e6265f2a594faa9f7a5cce
+ 1'148 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
evasion persistence upx
Link:
https://tria.ge/reports/211111-z42dascbg3/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Views/modifies file attributes
Enumerates physical storage devices
Adds Run key to start application
Loads dropped DLL
Executes dropped EXE
Sets file to hidden
UPX packed file
Unpacked files
SH256 hash:
6112f44b8cf74d6b41fce94eb324b518c2cc3051a7aee076c904735ec8d34365
MD5 hash:
f27817607704cc0048e2bd0c422df41b
SHA1 hash:
c05d06777824ae065181e908d3284efe9fadd1cb
Link:
https://www.unpac.me/results/80f11e58-e141-48fb-b7d3-ff02ba88fc9d/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/6112f44b8cf7/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6112f44b8cf74d6b41fce94eb324b518c2cc3051a7aee076c904735ec8d34365

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 6112f44b8cf74d6b41fce94eb324b518c2cc3051a7aee076c904735ec8d34365

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1777380/
Cape
Cape
https://www.capesandbox.com/analysis/205132/

Comments


Avatar
zbet commented on 2021-11-11 21:16:28 UTC

url : hxxp://95.181.152.184/zzz666.exe