MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b7a2535ceb032e616fff2a08328d38b98a60870e7c08e7c600d7b945d2f8fcc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6b7a2535ceb032e616fff2a08328d38b98a60870e7c08e7c600d7b945d2f8fcc
SHA3-384 hash: 43825ac97424638aef2491f97aabc5ab8d4a087dbc797d1dc6a248a6d9b51d7ba3ed87b9a00c0d616847dd3ea4bcb810
SHA1 hash: ad0365f6fb9de1b29e01b8b13ae6bf329ce897eb
MD5 hash: 0f41234ce843d72a64c622ed1a7a8cb0
humanhash: papa-fix-moon-princess
File name:0f41234ce843d72a64c622ed1a7a8cb0
Download: download sample
File size:66'048 bytes
First seen:2021-09-05 09:29:06 UTC
Last seen:2021-09-06 19:31:02 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4c2a534098486955f846a0368c9744ec
ssdeep 1536:KjRsWpkPNlmRWpeLKei1yX+oVm6LGHy+6XQYcwCwV1/wf:9ziWpeLKei1yuNynXQYcwC
Threatray 6 similar samples on MalwareBazaar
TLSH T12F537C1575A0A133C45605701439A3A2CE3EAA301BA281D7BFDC2F7F5F74BD5963A326
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
117
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
http://serialms.com
Verdict:
Malicious activity
Analysis date:
2021-09-04 19:16:12 UTC
Tags:
evasion trojan rat azorult stealer redline fareit pony raccoon loader opendir vidar
Link:
https://app.any.run/tasks/cd040787-3d45-4d6d-9921-c356c367f04f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/185403/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.37536599.19793.15407.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Sending a UDP request
Running batch commands
Creating a process with a hidden window
Launching a process
Moving of the original file
Enabling autorun by creating a file
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4335ed73-218e-4ab0-830f-1a19a6992e5c
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/845487
Signature
Multi AV Scanner detection for submitted file
Uses schtasks.exe or at.exe to add and modify task schedules
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 477918 Sample: Z5N8Px0Lrf Startdate: 05/09/2021 Architecture: WINDOWS Score: 52 18 Multi AV Scanner detection for submitted file 2->18 7 Z5N8Px0Lrf.exe 4 2->7         started        9 631C4B85A9111964116302.exe 3 2->9         started        process3 process4 11 cmd.exe 1 7->11         started        signatures5 20 Uses schtasks.exe or at.exe to add and modify task schedules 11->20 14 conhost.exe 11->14         started        16 schtasks.exe 1 11->16         started        process6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6b7a2535ceb032e616fff2a08328d38b98a60870e7c08e7c600d7b945d2f8fcc/
Threat name:
Win32.Trojan.Tasker
Create hunting rule
Status:
Malicious
First seen:
2021-09-04 15:49:22 UTC
AV detection:
10 of 27 (37.04%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
1a32b479225283f435fe37ea7490bd319063d0cbf88ba6845821aa4eadbbdc91
1fab36a6629cd4e51b3cb35425c547a7e6bb74b14d5476cfaabe03ffa249e06f
248e331a82ad9163431cb93b8f896addf5a046306f35389270ce457e042dbd94
2603522c96e103c7707dc88be9b18bb603fc8d57a7f8635a9c5c6365cdff955d
95ca4bbcf27da5dfc45c3ae4228069c7a228951c9da064276ea5285afd70dbcf
cb72b73a404d3558ab932a260d7417ca25f4f35327a9407b446ad370ff9a5e1e
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/210905-lghqsacfdp/
Behaviour
Creates scheduled task(s)
Suspicious behavior: RenamesItself
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in System32 directory
Unpacked files
SH256 hash:
1248bd0d9fe899bddff258053e557ebeedfadb53098ec8d5106898045bdbf41f
MD5 hash:
5e1b2d4c1714b2d141a9f32944b40ad6
SHA1 hash:
dc675a8691f18eeda8551312416eae4a843c7103
Link:
https://www.unpac.me/results/6ad805ee-9ec2-4df4-8e51-427216c5ffbf/
SH256 hash:
6b7a2535ceb032e616fff2a08328d38b98a60870e7c08e7c600d7b945d2f8fcc
MD5 hash:
0f41234ce843d72a64c622ed1a7a8cb0
SHA1 hash:
ad0365f6fb9de1b29e01b8b13ae6bf329ce897eb
Link:
https://www.unpac.me/results/6ad805ee-9ec2-4df4-8e51-427216c5ffbf/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6b7a2535ceb032e616fff2a08328d38b98a60870e7c08e7c600d7b945d2f8fcc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 6b7a2535ceb032e616fff2a08328d38b98a60870e7c08e7c600d7b945d2f8fcc

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/185403/
  
URLhaus
https://urlhaus.abuse.ch/url/1593868/

Comments


Avatar
zbet commented on 2021-09-05 09:29:07 UTC

url : hxxp://37.49.230.185/dsa/clip.exe