MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b50dffc03fa2eb27a7cfb43c0e9fc31c95411e2193a564eb6b6578e28155839. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ClipBanker


Vendor detections: 5



SHA256 hash: 6b50dffc03fa2eb27a7cfb43c0e9fc31c95411e2193a564eb6b6578e28155839
SHA3-384 hash: 6748401a4b9a41d85f0e25bc89c36bcefb44ee9c5d508107d4ba1906f8a5ff28ea7f7094738a7823321af1c752854911
SHA1 hash: 33fcfb9cb7c7e698c1c7da27174ded1e00cfdf0a
MD5 hash: 21f6685dd6b90f73bf9586acbc41f408
humanhash: louisiana-harry-golf-maryland
File name: ctfmom.bin
Signature: ClipBanker
File size: 243'712 bytes
First seen: 2020-10-05 12:50:40 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: d48076f4fb0c05cb055b77fb24f0a143 (1 x ClipBanker)
ssdeep: 6144:omalc+otpWqr4JqAkfyaSZuIGaAOwXuq5:oNc+otp5FiuIGaKf5
Threatray: 1 similar samples on MalwareBazaar
TLSH: EC348E1075E2C472D572153508F8DB76893EBD110B2595EB6BE80B3E8F302D2AF71A7A
Reporter: JAMESWT_WT
Tags: ClipBanker

Intelligence


File Origin
# of uploads: 1
# of downloads: 131
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Suspicious
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Threat name: Win32.Trojan.CoinsUtil
Status: Malicious
First seen: 2020-09-27 16:28:41 UTC
File Type: PE (Exe)
Extracted files: 1
AV detection: 15 of 48 (31.25%)
Threat level: 5/5
Result
Malware family: n/a
Score: 6/10
Tags: persistence
Behaviour
Adds Run key to start application
Unpacked files
SHA256 hash: 6b50dffc03fa2eb27a7cfb43c0e9fc31c95411e2193a564eb6b6578e28155839
MD5 hash: 21f6685dd6b90f73bf9586acbc41f408
SHA1 hash: 33fcfb9cb7c7e698c1c7da27174ded1e00cfdf0a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
