MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 72567a2d2a7931d46ad2c62f87207a2ee60b8c7c237db6f542a28d8a56708f11. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA 1 File information Comments

SHA256 hash:	72567a2d2a7931d46ad2c62f87207a2ee60b8c7c237db6f542a28d8a56708f11
SHA3-384 hash:	e179bbec661a8930e6ef3e01e0a1b917fc7cb72aa74ca8ff0e757b246e6eeb361368e7c5b4674aacdff500e0c130b1ec
SHA1 hash:	b3bcad31a7c567419bdc33e8268bfa5c6c2dd49e
MD5 hash:	184dfb8c89d5531bff52c3c1f04d9e5f
humanhash:	sierra-ohio-ack-hotel
File name:	0.exe
Download:	download sample
File size:	321'799 bytes
First seen:	2022-12-04 14:28:51 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	12e12319f1029ec4f8fcbed7e82df162 (389 x DCRat, 52 x RedLineStealer, 51 x Formbook)
ssdeep	3072:/nWSR+jounK7NAKDjiBmKbOUEuQvS/bcwWE2wup3vMRU6RLvHEd9VhMCyqKbv83w:+TouKrWBEu3/Z2lpGDHU3ykJyT+tjs/B
Threatray	2'356 similar samples on MalwareBazaar
TLSH	T14D64BF03BDC1D8B2C46208335B696B21B57DBE202F658EDBA3D42E5DE9311D0E7317A6
TrID	32.2% (.EXE) Win64 Executable (generic) (10523/12/4) 20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 15.4% (.EXE) Win16 NE executable (generic) (5038/12/1) 13.7% (.EXE) Win32 Executable (generic) (4505/5/1) 6.2% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):
dhash icon	9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter	Anonymous
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

202

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

0.exe

Verdict:

Suspicious activity

Analysis date:

2022-12-04 14:31:16 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/1bd6723c-d295-43db-a00d-099069fc21b8

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/342557/

Detection(s):

Win.Malware.Fugrafa-9938779-0

SecuriteInfo.com.Trojan.GenericKD.38920448.13962.7593.UNOFFICIAL

Result

Verdict:

Suspicious

Maliciousness:

Behaviour

Creating a window

Searching for the window

Сreating synchronization primitives

Searching for synchronization primitives

Moving of the original file

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-vm greyware overlay setupapi.dll shdocvw.dll shell32.dll

Link:

https://www.filescan.io/uploads/638caeb0f6e448d42df73cc1/reports/326b3a04-b77c-4328-975f-986a964192ab/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

AZORult

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/2e45a01d-0054-4292-bbd9-05eeb654e34c

Result

Threat name:

Unknown

Detection:

suspicious

Classification:

rans

Score:

39 / 100

Link:

https://www.joesandbox.com/analysis/1127485

Signature

Modifies existing user documents (likely ransomware behavior)

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/72567a2d2a7931d46ad2c62f87207a2ee60b8c7c237db6f542a28d8a56708f11/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2022-12-04 14:29:08 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

7 of 41 (17.07%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ojlhuljkpey5i2wsyyxyoid2f3taxdd4en63n5kcukgyuvtqr4iq._file

Verdict:

unknown

390ba9da469491e34db509524293b00feb22b768a11c0792d67c92b17881a521

3c11fa854cd456fac1f3719d3954bcfc4657437defd8d73f234b16805d121897

432c99b8f1108ed0d94b7b1e620b230f8f55c47ca62c0fcdd1a3afac8548f239

c39c4466f622b7320076076ea3eb13fa0f784b9b097dff46d802f905fc39d851

daaa0aa0dc9c10baf105b5aa376724f2cee7ea5b6d01372b2504b1157437c294

e601a9b4dc605b4e283a5b97ed2cb16da2e754b7a6c27585c6f0d1cdbed99094

f56bd344f2e9650ba6def3340bc5ac26472ea615744b38786d5445a75a0e51b4

+ 2'346 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/221204-rtkc2agc98/

Behaviour

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: RenamesItself

Enumerates physical storage devices

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/5bc4519a-6905-4836-802b-f7f08bd87457

Unpacked files

SH256 hash:

72567a2d2a7931d46ad2c62f87207a2ee60b8c7c237db6f542a28d8a56708f11

MD5 hash:

184dfb8c89d5531bff52c3c1f04d9e5f

SHA1 hash:

b3bcad31a7c567419bdc33e8268bfa5c6c2dd49e

Link:

https://www.unpac.me/results/462df8ef-1118-4a3c-9475-33a0be9fb35b/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/72567a2d2a79/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/72567a2d2a7931d46ad2c62f87207a2ee60b8c7c237db6f542a28d8a56708f11

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	pdb_YARAify Create hunting rule
Author:	@wowabiy314
Description:	PDB

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/342557/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample