MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62cc6e9a440b5cacc6ba124f71407528da312577b595350d258a983cdd32119a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 62cc6e9a440b5cacc6ba124f71407528da312577b595350d258a983cdd32119a
SHA3-384 hash: b6ec996fdacef01c8f69334c949a595bd8293cf9a5b1458e82c435957e667d0fe4b1fa8c3f9fd727c6878cd05c07fa65
SHA1 hash: 4322f67752d117da87a52f76eb23157955e0c350
MD5 hash: 0cb3eabbab3294d2860807ba9be055f7
humanhash: uncle-fourteen-october-kansas
File name:0cb3eabbab3294d2860807ba9be055f7
Download: download sample
File size:535'232 bytes
First seen:2022-01-10 08:27:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash afd8169c4a337ec37e09db5512dd74fb
ssdeep 12288:CUrh7jqguXy2+28dkqqO3cA4bA0XuY9WM6oUlrAUjiY:jBqgqy2+2V1uobAwuFM6oUlr
Threatray 180 similar samples on MalwareBazaar
TLSH T111B4D0C197E68A2AF8F74F31B8790D550261BC28E9B8FB5D02C4352F78762825D47B27
File icon (PE):PE icon
dhash icon bae2e3e3e3a3a291
Reporter zbetcheckin
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
183
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
2.exe
Verdict:
Malicious activity
Analysis date:
2022-01-09 10:32:31 UTC
Tags:
evasion trojan rat redline
Link:
https://app.any.run/tasks/7a98233b-a599-48dd-a9e1-313b6563ec0d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/217967/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.47841831.2101.31932.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Searching for the window
Creating a window
Searching for analyzing tools
Сreating synchronization primitives
Creating a file in the %AppData% subdirectories
DNS request
Sending a custom TCP request
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
greyware overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/61dbee171c0d769df9ddfdee/reports/b725fbf4-100d-4a83-bf6c-444c687f80d5/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
EClipper
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/9f7398a3-17b1-4047-9006-1734b053e539
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/917513
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to evade analysis by execution special instruction which cause usermode exception
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/62cc6e9a440b5cacc6ba124f71407528da312577b595350d258a983cdd32119a/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-01-05 18:34:00 UTC
File Type:
PE (Exe)
Extracted files:
28
AV detection:
32 of 43 (74.42%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
ryuk
Create hunting rule
Similar samples:
0b976213f5961eb9720219d2624463ec6acc8947004710c7e9885746e2e27234
3b3281feef6d8e0eda2ab7232bd93f7c747bee143c2dfce15d23a1869bf0eddf
9629cae6d009dadc60e49f5b4a492bd1169d93f17afa76bee27c37be5bca3015
9f25264d954d82b3ef3dd1ab336bd7dad2ca7132b90c20128de327e1fb02f9cf
a5cf8668fc9624b386bbdad3a3dba28c029945048a7d15a0b0ee41dfe9e0a2df
f901c29eb448ec4288c6215ba6af0ce804009b69e6505ab35f1037f23851f5b7
f960b96c81f71d848a119d18aa4074ecaa71e39086a611f2dc637d579b9f6afa
fc7d4ac0a19ec0f8aa9c6bca854520705b9e56d51460ae5e8edb3b4c5573fbae
+ 170 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/220110-kc1kcsechk/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of NtSetInformationThreadHideFromDebugger
Adds Run key to start application
Unpacked files
SH256 hash:
ca12b42dea6cc3d706ff6a5c557a9c9d4c0cb96851f9cab8c7d1f3a295c20ee9
MD5 hash:
14525bdde5e9b226ce832b29400369f2
SHA1 hash:
b38958ffd14ed119062c398db16a988e4aceadee
Link:
https://www.unpac.me/results/8de5dfeb-5b30-4f02-a45b-7d6ead882d3b/
SH256 hash:
62cc6e9a440b5cacc6ba124f71407528da312577b595350d258a983cdd32119a
MD5 hash:
0cb3eabbab3294d2860807ba9be055f7
SHA1 hash:
4322f67752d117da87a52f76eb23157955e0c350
Link:
https://www.unpac.me/results/8de5dfeb-5b30-4f02-a45b-7d6ead882d3b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/62cc6e9a440b5cacc6ba124f71407528da312577b595350d258a983cdd32119a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 62cc6e9a440b5cacc6ba124f71407528da312577b595350d258a983cdd32119a

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1961888/
Cape
Cape
https://www.capesandbox.com/analysis/217967/
  
URLhaus
https://urlhaus.abuse.ch/url/1962358/

Comments


Avatar
zbet commented on 2022-01-10 08:27:42 UTC

url : hxxp://a0617224.xsph.ru/2.exe