MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6c51139a5f272db52f58adb10074de00bf1046033d0ae970b924499e0dc4390f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CryptOne


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6c51139a5f272db52f58adb10074de00bf1046033d0ae970b924499e0dc4390f
SHA3-384 hash: 4ad3edf62c49290eace6367cb504d625c9744841b5c22dd18149e7dc2c2ad4255ff2152be55c259ac3337c0132bda61b
SHA1 hash: a6930fce2a6a9814e96fd82971105b3f5fc0fb46
MD5 hash: c3fa3cd05081f537b369977fc914e3fa
humanhash: glucose-september-fillet-quebec
File name:c3fa3cd05081f537b369977fc914e3fa
Download: download sample
Signature CryptOne
Create hunting rule
File size:1'875'991 bytes
First seen:2023-07-03 09:02:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0e806fd55a4f41060c8e206a25d6875a (10 x CryptOne)
ssdeep 49152:W+Whq+BfJXAEEqIkWjcbgOhb1pSlQftwSMpzLmlwllLP:W+Whq+BfKEY48OhJpcQ1wtRm2P
Threatray 1 similar samples on MalwareBazaar
TLSH T1B595220176C0C8B3C9731A320FA5AB71AA7DB8300F249A8F93958D6DED356C187757A7
TrID 88.3% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
4.7% (.EXE) Win64 Executable (generic) (10523/12/4)
2.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
2.0% (.EXE) Win32 Executable (generic) (4505/5/1)
0.9% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon b3b3b371716b93b3 (25 x CryptOne, 12 x RemcosRAT, 6 x RedLineStealer)
Reporter zbetcheckin
Tags:32 CryptOne exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
273
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
c3fa3cd05081f537b369977fc914e3fa
Verdict:
Malicious activity
Analysis date:
2023-07-03 09:05:27 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/f2454f38-b8ac-4aac-a66c-2ac7b3a48766

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/405800/
Detection(s):
SecuriteInfo.com.Trojan.Uztuby.4.7446.21582.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Searching for the window
Сreating synchronization primitives
Searching for synchronization primitives
Creating a file in the %temp% directory
Launching a process
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-vm greyware lolbin overlay packed regsvr32 regsvr32 replace setupapi shdocvw shell32
Link:
https://www.filescan.io/uploads/64a28ec92299d2688264523a/reports/64833dd6-6876-4427-aa07-61445858c93c/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/6c51139a5f272db52f58adb10074de00bf1046033d0ae970b924499e0dc4390f
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/10243296-85d5-4b91-a679-b7fa45aa564e
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1265688
Signature
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to detect sandboxes / dynamic malware analysis system (file name check)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6c51139a5f272db52f58adb10074de00bf1046033d0ae970b924499e0dc4390f/
Threat name:
Win32.Trojan.Casdet
Create hunting rule
Status:
Malicious
First seen:
2023-07-03 09:03:07 UTC
File Type:
PE (Exe)
Extracted files:
18
AV detection:
17 of 23 (73.91%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nrirhgs7e4w3kl2yvwyqa5g6ac7rarqdhufos4fzerez4doehehq._file
Verdict:
unknown
Similar samples:
5cf55c9824d5c162a1f18f76c5b146a5c703b0d234c984045ac5849026411792
CryptOne
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/230703-kz15eafg44/
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Loads dropped DLL
Unpacked files
SH256 hash:
d84d7d8e3798eff8d6e16f8c5bb5ef386b08ddcaf357871b164d3ccf4d19c5fb
MD5 hash:
d0861e00ee080c5ebb543433c53358d8
SHA1 hash:
e75b3a2e0e12df8b0602da748cc466de07551813
Link:
https://www.unpac.me/results/0167c26e-3b8e-4849-a3d7-210c6a0a71c0/
SH256 hash:
6c51139a5f272db52f58adb10074de00bf1046033d0ae970b924499e0dc4390f
MD5 hash:
c3fa3cd05081f537b369977fc914e3fa
SHA1 hash:
a6930fce2a6a9814e96fd82971105b3f5fc0fb46
Link:
https://www.unpac.me/results/0167c26e-3b8e-4849-a3d7-210c6a0a71c0/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CryptOne

Executable exe 6c51139a5f272db52f58adb10074de00bf1046033d0ae970b924499e0dc4390f

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2673593/
  
URLhaus
https://urlhaus.abuse.ch/url/2675870/
Cape
Cape
https://www.capesandbox.com/analysis/405800/

Comments


Avatar
zbet commented on 2023-07-03 09:02:16 UTC

url : hxxp://77.91.68.30/fuzz/rama.exe