MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6fc54151607a82d5f4fae661ef0b7b0767d325f5935ed6139f8932bc27309202. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6fc54151607a82d5f4fae661ef0b7b0767d325f5935ed6139f8932bc27309202
SHA3-384 hash: 98097900f40200e4df7617e268c915e256c1692ec4e5371e555e89ab66fa2b84b72119aedcffd030766041819fcd3a35
SHA1 hash: 9ef9a6ba386a2728b6f2ddb78e18c517a597a3cd
MD5 hash: 7e44d94813b6100ca296aa91d321020c
humanhash: winter-bakerloo-juliet-carbon
File name:ACROSUP.bin
Download: download sample
File size:131'072 bytes
First seen:2022-05-05 14:10:32 UTC
Last seen:2022-07-08 11:09:39 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b4a3f218dbd33872d0fd88a2ff95be76
ssdeep 3072:JyI0C6Og9CaD7VR2X+sbzXqbxcBd8j1AgbXPaUOmpSiaedwyD5viMbijx5:JyI0C6Og9CaD7VR2X+sbzXux48j1Agbk
TLSH T17BD37D17B2A90CBFD0728639C9235916E7B278150A709BAF036446561F27390AEFFF71
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter Arkbird_SOLG
Tags:APT29 Downloader EnvyScout exe NOBELIUM

Intelligence

File Origin
# of uploads :
3
# of downloads :
382
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Information.img
Verdict:
Malicious activity
Analysis date:
2022-04-29 14:37:37 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/e4acd0b9-7cb9-4cb8-b3fc-366eae408e29

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/268911/
Detection(s):
SecuriteInfo.com.Artemis7E44D94813B6.15901.31005.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/16431/overview
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware shell32.dll
Link:
https://www.filescan.io/uploads/6273db1475c6f158e80cbaa9/reports/c7b97944-a576-4361-ae74-111ed897d11d/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/3e72cbba-b006-4b45-bee5-d0e4ff275102
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/988568
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 621068 Sample: ACROSUP.bin Startdate: 05/05/2022 Architecture: WINDOWS Score: 48 17 Multi AV Scanner detection for submitted file 2->17 7 loaddll64.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 rundll32.exe 7->11         started        13 rundll32.exe 7->13         started        process5 15 rundll32.exe 9->15         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6fc54151607a82d5f4fae661ef0b7b0767d325f5935ed6139f8932bc27309202/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-05-05 12:29:48 UTC
File Type:
PE+ (Dll)
Extracted files:
1
AV detection:
2 of 41 (4.88%)
Threat level:
  5/5
Verdict:
unknown
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220505-rg9gdsgca8/
Unpacked files
SH256 hash:
6fc54151607a82d5f4fae661ef0b7b0767d325f5935ed6139f8932bc27309202
MD5 hash:
7e44d94813b6100ca296aa91d321020c
SHA1 hash:
9ef9a6ba386a2728b6f2ddb78e18c517a597a3cd
Link:
https://www.unpac.me/results/9ff1caf0-2f84-4335-97ab-b48e685bf184/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6fc54151607a82d5f4fae661ef0b7b0767d325f5935ed6139f8932bc27309202

File information

The table below shows additional information about this malware sample such as delivery method and external references.

iso 4c68c840ae1a034d47900ebdc291116726fd37b3ab0b7e026fad90eaab84d820

Executable exe 6fc54151607a82d5f4fae661ef0b7b0767d325f5935ed6139f8932bc27309202

(this sample)

  
X
https://twitter.com/ShadowChasing1/status/1522180445789573124
  
Dropped by
SHA256 4c68c840ae1a034d47900ebdc291116726fd37b3ab0b7e026fad90eaab84d820
Cape
Cape
https://www.capesandbox.com/analysis/268911/
  
Dropped by
MD5 110c4ae194e7b49ed3e3b254d599f7f4

Comments