MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 72239d0cba7a80895957b43d854680fb2fefbaa8b1f68b001ce5905c32ddcde1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


StrongPity


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 72239d0cba7a80895957b43d854680fb2fefbaa8b1f68b001ce5905c32ddcde1
SHA3-384 hash: d42c50fb9654ea18e50b1742e2bfffb9542347ce4cf4a6d98df0e3656860dad4e2bd0db8d1e1709cf04bc610cc9ec66c
SHA1 hash: 79eaa3e5457cff7ad64147a4178b0e7aad732101
MD5 hash: c930f328b5b3894feced92d04908b256
humanhash: arkansas-enemy-california-winner
File name:WinRAR.exe
Download: download sample
Signature StrongPity
Create hunting rule
File size:4'212'736 bytes
First seen:2021-01-20 07:41:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6f334a045bb093e7fd964a3205e903b5 (1 x StrongPity)
ssdeep 98304:QZqzMFazPSYShEiNUASONh/GVgA2imxNCl2duaT6jVXrBfK:0SzPSYS+iOABPA2iflmum6jVc
Threatray 11 similar samples on MalwareBazaar
TLSH 51162366F79A8EB1E1EB043242FC80ABD65C5EA7C41D449F14F275329A390F790D2B63
Reporter silv0123
Tags:StrongPity

Intelligence

File Origin
# of uploads :
1
# of downloads :
1'387
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/113039/
Detection(s):
Win.Trojan.StrongPity3-8208368-2
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a file
Creating a process from a recently created file
Creating a window
Searching for the window
Sending a UDP request
Reading critical registry keys
Enabling the 'hidden' option for files in the %temp% directory
Delayed writing of the file
DNS request
Sending a custom TCP request
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Stealing user critical data
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
StrongPity
Create hunting rule
Detection:
suspicious
Classification:
troj.evad
Score:
32 / 100
Link:
https://www.joesandbox.com/analysis/585878
Signature
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected StrongPity
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 341967 Sample: WinRAR.exe Startdate: 20/01/2021 Architecture: WINDOWS Score: 32 49 applicationrepo.com 2->49 53 Multi AV Scanner detection for submitted file 2->53 55 Yara detected StrongPity 2->55 57 Machine Learning detection for sample 2->57 9 WinRAR.exe 1 4 2->9         started        12 nvwmisrv.exe 1 2->12         started        14 nvwmisrv.exe 1 2->14         started        signatures3 process4 file5 43 C:\Users\user\AppData\Local\...\nvwmisrv.exe, PE32 9->43 dropped 45 C:\Users\user\AppData\...\winrar-x64-600.exe, PE32+ 9->45 dropped 47 C:\Users\user\AppData\Local\...\winmsism.exe, PE32 9->47 dropped 16 winrar-x64-600.exe 1 44 9->16         started        19 nvwmisrv.exe 1 9->19         started        23 conhost.exe 12->23         started        25 conhost.exe 14->25         started        process6 dnsIp7 35 C:\Program Files\WinRAR\WinRAR.exe, PE32+ 16->35 dropped 37 C:\Program Files\WinRAR\Default.SFX, PE32 16->37 dropped 39 C:\Program Files\WinRAR\Zip64.SFX, PE32+ 16->39 dropped 41 10 other files (none is malicious) 16->41 dropped 27 Uninstall.exe 230 13 16->27         started        51 applicationrepo.com 194.76.224.17, 443, 49725, 49732 PORTLANEwwwportlanecomSE Germany 19->51 59 Machine Learning detection for dropped file 19->59 29 winmsism.exe 17 19->29         started        31 conhost.exe 19->31         started        file8 signatures9 process10 process11 33 WerFault.exe 23 9 29->33         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/72239d0cba7a80895957b43d854680fb2fefbaa8b1f68b001ce5905c32ddcde1/
Threat name:
Win32.Trojan.CrypterX
Create hunting rule
Status:
Malicious
First seen:
2021-01-13 13:56:58 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
04c6b2e93ee33d4b12f61c565ef164931ce8bb8225d0a80cae32782c1c30a802
StrongPity
1185998fd595936708c1fc5a3ddeadbdd46b88e216419597da0b461e136ddfa7
StrongPity
2c8ea0f991d74146f056e4ed453e92ad1798daf2878f5520f54cf3d70d607613
StrongPity
2ea1ff8dc4a5ea276f8ae4137cbce0fd80b27d662dc0969127b454f5c0aa34e1
StrongPity
3da5ad345fa5dc65c5313a0846897ba696630e1b4c6b9388e7a479edce27745e
StrongPity
b42b33ffa4b45bc81b71f13d89dc1283b155204913aa8362e99e9aa44366bfb2
StrongPity
ba483bee9e68e055952e71255eb24bd6ca52c1238d3efe96bcb66506e80e6792
StrongPity
cc1bbef42692db18e756a3d2498f59fbfcaacaf32c38f2a4e6a5cf1a6b4c67a1
StrongPity
d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78
StrongPity
f81d16d98d7c5423e8f231fe47778b0824360fb41525fd545097bb8e700e1a8d
StrongPity
+ 1 additional samples on MalwareBazaar
Result
Malware family:
strongpity
Create hunting rule
Score:
  10/10
Tags:
family:strongpity persistence spyware stealer
Link:
https://tria.ge/reports/210120-xk92jf4fys/
Behaviour
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Adds Run key to start application
JavaScript code in executable
Loads dropped DLL
Executes dropped EXE
StrongPity
StrongPity Spyware
Unpacked files
SH256 hash:
15db53fde79f4288934dbd3c8d8ba0de35f8ebb3912ad6afaf2854fbc33fb565
MD5 hash:
b5e7c28b541ece7f34da83b56ee95508
SHA1 hash:
032a2f6e9c5ca46adcb131cbec45bdc9c985b0bd
Link:
https://www.unpac.me/results/89f513d5-3285-4239-9fa0-31cd787efdcf/
SH256 hash:
72239d0cba7a80895957b43d854680fb2fefbaa8b1f68b001ce5905c32ddcde1
MD5 hash:
c930f328b5b3894feced92d04908b256
SHA1 hash:
79eaa3e5457cff7ad64147a4178b0e7aad732101
Link:
https://www.unpac.me/results/89f513d5-3285-4239-9fa0-31cd787efdcf/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/72239d0cba7a80895957b43d854680fb2fefbaa8b1f68b001ce5905c32ddcde1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://twitter.com/silv0123/status/1350710895513636866
  
Dropping
StrongPity
  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/113039/

Comments