MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6fa95e4e25eb2cf60595af08ca20573f260e87b40a8202bbcfeb439634f0aeb6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6fa95e4e25eb2cf60595af08ca20573f260e87b40a8202bbcfeb439634f0aeb6
SHA3-384 hash: ef71053d60ce8dea387b4ebc33be6b71544974c1ee08b3542b641624f242f9267e8d7864d1fa9e42f1d886fc509b7e05
SHA1 hash: 53b9ba00065d07992fab361316441de49eda1626
MD5 hash: b15a0e59e709856f57c011a4110fae6b
humanhash: seven-quebec-colorado-crazy
File name:BC32.bin
Download: download sample
File size:1'902'727 bytes
First seen:2023-07-19 03:35:05 UTC
Last seen:2023-07-19 03:40:56 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash aac51396886833dc961fcd7aab7711e4 (11 x NetSupport, 7 x DCRat, 4 x njrat)
ssdeep 49152:zereFL30O/xFBOFFW34tx9sZ7/3UY0nb5D:zueFF/xrMO4P9s10t
Threatray 603 similar samples on MalwareBazaar
TLSH T1C6952302BBC156F2E07638374E758720A57DBC200F16CAEBA3C8595E9E105D19F36BA6
TrID 91.0% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39)
3.6% (.EXE) Win64 Executable (generic) (10523/12/4)
1.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.5% (.EXE) Win32 Executable (generic) (4505/5/1)
0.6% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter JAMESWT_WT
Tags:exe FruitMiX

Intelligence

File Origin
# of uploads :
2
# of downloads :
253
Origin country :
IT IT
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
BC32.bin
Verdict:
Suspicious activity
Analysis date:
2023-07-19 03:39:42 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/0701edf5-f42f-4248-83f7-45b7115ef0d0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/424420/
Detection(s):
Win.Malware.Uztuby-9979905-0
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-vm greyware lolbin masquerade overlay packed packed replace setupapi shdocvw shell32
Link:
https://www.filescan.io/uploads/64b75a23feab465ae3506c31/reports/689721e7-6502-4541-a3bd-073826781fae/overview
Verdict:
Malicious
Labled as:
Trojan.Ciusky.Generic
Link:
https://www.hybrid-analysis.com/sample/6fa95e4e25eb2cf60595af08ca20573f260e87b40a8202bbcfeb439634f0aeb6
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/8055f5dc-6d7f-47f5-b209-08c33da5141c
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1275609
Signature
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to detect sandboxes / dynamic malware analysis system (file name check)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1275609 Sample: BC32.bin.exe Startdate: 19/07/2023 Architecture: WINDOWS Score: 68 24 Multi AV Scanner detection for dropped file 2->24 26 Multi AV Scanner detection for submitted file 2->26 28 Machine Learning detection for sample 2->28 30 Machine Learning detection for dropped file 2->30 9 BC32.bin.exe 3 8 2->9         started        process3 file4 22 C:\Users\user\AppData\Local\...\LjtdWS~o.cpl, PE32 9->22 dropped 12 control.exe 1 9->12         started        process5 process6 14 rundll32.exe 12->14         started        signatures7 34 Tries to detect sandboxes / dynamic malware analysis system (file name check) 14->34 17 rundll32.exe 14->17         started        process8 process9 19 rundll32.exe 17->19         started        signatures10 32 Tries to detect sandboxes / dynamic malware analysis system (file name check) 19->32
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6fa95e4e25eb2cf60595af08ca20573f260e87b40a8202bbcfeb439634f0aeb6/
Threat name:
Win32.Trojan.Ciusky
Create hunting rule
Status:
Malicious
First seen:
2023-07-19 03:29:20 UTC
File Type:
PE (Exe)
Extracted files:
18
AV detection:
16 of 38 (42.11%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=n6uv4trf5mwpmbmvv4emuicxh4ta5b5ubkbafo6p5nbzmnhqv23a._file
Verdict:
malicious
Similar samples:
2742148f16a138218cc03322bfdc622361f424c767de16badec3f569450d738c
38e48e1967243e151457e75a0b17b04d65a840308d68cf116da52c2fa944f330
43d1c7d70506db33b4db5a3f27582e1f1493b69b6d2493756c88f550529ca969
5b7d0ba935c00115f524c0eb840e29dd45c212c6fd647c8cec8a89598f4b2090
6c51139a5f272db52f58adb10074de00bf1046033d0ae970b924499e0dc4390f
811566c02b85bfff2c60105b3638aa7a7d906658c1fc1fd0e2f5112dfcb492be
8bd89781eaebac4530248445e3e08a075853b1a798ed99b8df575980a2eab909
a4428ea2a84c197502595fa85062995ea128355f66d695b76c8911bd6c519bef
d81975e6928bab57ee1e4aec83dc6e87e19fb2155ad92e21c36fe48dfa79d641
eac6ff3966275b86a58143011c6e59ca907dc55ef3e533b089cf376bbceb0572
+ 593 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/230719-d5w93sfe85/
Behaviour
Modifies registry class
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Loads dropped DLL
Unpacked files
SH256 hash:
fe587e83e84faaaf71bce643c77b077a3c8162bb63973cc43831a0f9f4c7dbe9
MD5 hash:
c18be9990d123202d3a6f04d2565c9fc
SHA1 hash:
15ffd3ff9f0d3b96e78d87cd2a8141f060c67902
Link:
https://www.unpac.me/results/d5855cfa-d491-4487-b3c9-0902f97f921d/
SH256 hash:
6fa95e4e25eb2cf60595af08ca20573f260e87b40a8202bbcfeb439634f0aeb6
MD5 hash:
b15a0e59e709856f57c011a4110fae6b
SHA1 hash:
53b9ba00065d07992fab361316441de49eda1626
Link:
https://www.unpac.me/results/d5855cfa-d491-4487-b3c9-0902f97f921d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6fa95e4e25eb2cf60595af08ca20573f260e87b40a8202bbcfeb439634f0aeb6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 6fa95e4e25eb2cf60595af08ca20573f260e87b40a8202bbcfeb439634f0aeb6

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2685099/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/424420/

Comments