MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 74cf2e1f4dce793dc8bc01b3d1691e102c08bb15a3c65bb5c06a48baba0e1fb5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 4

SHA256 hash: 74cf2e1f4dce793dc8bc01b3d1691e102c08bb15a3c65bb5c06a48baba0e1fb5
SHA3-384 hash: 2b0352b6e82dad712f11d7f798b70db8ae3c2615a0109a8665b8a34cf04b6fedac8d37d6d41f599120fe9fbe5a10264c
SHA1 hash: be899148b1549b1cec6e2eb9db0f94e700fc0334
MD5 hash: a4d1aef9ba64ad4300c744297795bc42
humanhash: fourteen-kentucky-alabama-fish
File name: caf3
File size: 1'089'665 bytes
First seen: 2021-08-28 01:12:16 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 65819c91413f83b464d6a3d119bd6467 (1 x BazaLoader)
ssdeep: 12288:9fHnu1hxBOwTdG7MDsDbQg779SweGIvdZOyjGU+G0VCspXMl3A6Gnzq9PBa8nT2:pHK3OwTd8MQDbQgHgUIv1jGUXuCs9qW
Threatray: 14 similar samples on MalwareBazaar
TLSH: T11235909514C4AFE7DCB6F4FD8EEAE016FD121650C1E5854946C0084A0AF93F3A6AFB39
Reporter: malwarelabnet
Tags: exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 189
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: caf3
Verdict: No threats detected
Analysis date: 2021-08-28 01:14:57 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:
Behaviour
Sending a UDP request
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 60 / 100
Signature
Sigma detected: CobaltStrike Load by Rundll32
System process connects to network (likely due to code injection or exploit)
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph (ID: 473060; Sample: caf3; Startdate: 28/08/2021; Architecture: WINDOWS; Score: 60)
Signature on the root sample: Sigma detected: CobaltStrike Load by Rundll32
Process tree (node numbers as given in the graph):
  2 sample (caf3)
  +- 8 loaddll64.exe
  |  Signature: Tries to detect virtualization through RDTSC time measurements
  |  +- 13 regsvr32.exe
  |  |  Network: 104.248.170.50, 443, 49763 DIGITALOCEAN-ASNUS United States
  |  |  Signature: System process connects to network (likely due to code injection or exploit)
  |  |  Signature: Tries to detect virtualization through RDTSC time measurements
  |  +- 17 cmd.exe
  |  |  +- 23 rundll32.exe
  |  |     Signature: Tries to detect virtualization through RDTSC time measurements
  |  |     +- 35 WerFault.exe
  |  +- 19 iexplore.exe
  |  |  +- 26 iexplore.exe
  |  |     Network: edge.gycpi.b.yahoodns.net 87.248.118.22, 443, 49754, 49755 YAHOO-DEBDE United Kingdom
  |  |     Network: dart.l.doubleclick.net 142.250.203.102, 443, 49742, 49743 GOOGLEUS United States
  |  |     Network: 14 other IPs or domains
  |  +- 21 (20 other processes)
  |     +- 29 WerFault.exe
  |     |  Network: 192.168.2.1 unknown unknown
  |     +- 31 WerFault.exe
  |     +- 33 WerFault.exe
  +- 11 rundll32.exe
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SHA256 hash: 74cf2e1f4dce793dc8bc01b3d1691e102c08bb15a3c65bb5c06a48baba0e1fb5
MD5 hash: a4d1aef9ba64ad4300c744297795bc42
SHA1 hash: be899148b1549b1cec6e2eb9db0f94e700fc0334
Malware family: BazarLoader
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments