MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7520f0fed54a71886061557c4257452d83878b878ea0a2fd1a773cee36870455. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7520f0fed54a71886061557c4257452d83878b878ea0a2fd1a773cee36870455
SHA3-384 hash: 24f740bd25bf6bf5257a4e6440a6d619bf93595d2e3b84907b9aeaa185765186488a0bb47021249e2e57e8593db27b40
SHA1 hash: d7e86463a55440794ca0487a82fb8187d67b4bae
MD5 hash: 462be74da73529d4a57dd33ebb013355
humanhash: eleven-golf-lima-hotel
File name:462be74da73529d4a57dd33ebb013355
Download: download sample
File size:454'144 bytes
First seen:2021-08-23 07:42:57 UTC
Last seen:2021-08-23 09:09:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 47838eb3376cd956f1ad4ca3d2e871c1 (2 x Amadey, 1 x RedLineStealer, 1 x RaccoonStealer)
ssdeep 6144:xO+ipfCejLZTXWODQ4bFrIi8kxBG3FXehjXYQz1tKsvCMiuyy92zeAl/T9WPcMgh:52f3/NX5FrIPkxr1YQzjmteAl/Zcmfp
Threatray 10 similar samples on MalwareBazaar
TLSH T15BA4CF30AB91C435E5B312F855BA82BCB43A7AB16B3850CF53D516EE1A386E4EC30757
dhash icon ead8a89cc6e68ee0 (43 x RaccoonStealer, 31 x RedLineStealer, 20 x Smoke Loader)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
462be74da73529d4a57dd33ebb013355
Verdict:
Malicious activity
Analysis date:
2021-08-23 07:47:14 UTC
Tags:
trojan
Link:
https://app.any.run/tasks/300bbc3d-a970-4254-8713-b6adeade7b3b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/181427/
Detection(s):
SecuriteInfo.com.Variant.Fragtor.10553.10810.21566.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Launching the default Windows debugger (dwwin.exe)
Creating a process from a recently created file
Sending a UDP request
Creating a window
Deleting of the original file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/3f6e3c99-df7c-41ed-a669-8d44d7fa9730
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/837342
Signature
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7520f0fed54a71886061557c4257452d83878b878ea0a2fd1a773cee36870455/
Threat name:
Win32.Trojan.Fragtor
Create hunting rule
Status:
Malicious
First seen:
2021-08-23 07:43:04 UTC
AV detection:
17 of 46 (36.96%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
1032acabd85ab79e88e451e1b4345ab80b2275eb2b9012664dedaa952a2dadbb
1a512b670911187dd2cc6a04b8da5d96b70df6129234b4fd97e30fcda7470365
2fb1cb5c89b04385b88b2b254602c0706c6d0530f7433ad4586000bfcbf73507
4cca9091484e1b53c182d79607fe3c334c19176a1d5f8f91624c3565e24f49b8
8f5b300680db95b545347229941acb9113690ab187cd7ac7b2cc601b9e31a205
91dd3fa11964f4432bb43ee5f63580d53ba35dfdcfd5d8ec1b0e00f3f7b20258
a050c0bd12d9a09611dbce5d20787e37f907996908edb311570530feab91efed
c84efa5991ab32373624d35d1cf4921ea0f9c2eb52d5703d059d5cba39280087
dbfcb39858d204c1cb35ea01fb3720cbeadd262eb300ee41050630c6087af7ae
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210823-98lwpseb9a/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Deletes itself
Drops startup file
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
ed08cb5a40ff40bfa398b1a3ac6d2ab9cc92b56e971287c94463dd389fb5f26a
MD5 hash:
d299991063d72d9e2b9d93f6cc1cb70d
SHA1 hash:
48c115b11a614aeb6c7575bc0e7966a4d4cc7cb2
Link:
https://www.unpac.me/results/92e051ef-c3d4-472a-9073-315b4b3e6a10/
SH256 hash:
7520f0fed54a71886061557c4257452d83878b878ea0a2fd1a773cee36870455
MD5 hash:
462be74da73529d4a57dd33ebb013355
SHA1 hash:
d7e86463a55440794ca0487a82fb8187d67b4bae
Link:
https://www.unpac.me/results/92e051ef-c3d4-472a-9073-315b4b3e6a10/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7520f0fed54a71886061557c4257452d83878b878ea0a2fd1a773cee36870455

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 7520f0fed54a71886061557c4257452d83878b878ea0a2fd1a773cee36870455

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1529939/
  
URLhaus
https://urlhaus.abuse.ch/url/1525305/
  
URLhaus
https://urlhaus.abuse.ch/url/1524012/
  
URLhaus
https://urlhaus.abuse.ch/url/1523998/
Cape
Cape
https://www.capesandbox.com/analysis/181427/

Comments


Avatar
zbet commented on 2021-08-23 07:42:58 UTC

url : hxxp://193.56.146.55/RuntimeBroker.exe