MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 78cf79c5cc5ffb37dfae1c6b177281c793767c6bdcbb8062ccedd0547c89b8e2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 78cf79c5cc5ffb37dfae1c6b177281c793767c6bdcbb8062ccedd0547c89b8e2
SHA3-384 hash: d3d748198fd4d30263de378990aefbfa768d76d6c2902e186486512063ec3efa3874e16cead8e4059a6a54b7315fd275
SHA1 hash: 140605ab61b871a610b40e8ff36a4f96f996c76a
MD5 hash: 6339c653d06bf38b580c892c876b19b0
humanhash: glucose-charlie-lemon-artist
File name:6339c653d06bf38b580c892c876b19b0
Download: download sample
File size:450'160 bytes
First seen:2022-03-09 20:01:59 UTC
Last seen:2022-03-09 21:51:21 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 194568caf8727710fe783ac49b0d67b8
ssdeep 12288:7HRJXBRaFr+BhaHgad2ZGvqCLP2Ynvbz:7xnR5PadUGNP2gv
Threatray 257 similar samples on MalwareBazaar
TLSH T13CA4BF6B37FE10BEC9D1C8F3FB47A2738B5ACDA055A9E7116533B72B206028547C6A50
File icon (PE):PE icon
dhash icon 61e0a69359b8f879
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
190
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
https://www.mediafire.com/file/k58txj6ewm7zvmd/MagicEden_Launchpad_BOT.rar/file
Verdict:
Malicious activity
Analysis date:
2022-03-10 01:54:37 UTC
Tags:
trojan rat redline loader
Link:
https://app.any.run/tasks/7192ef8a-b39e-4dcb-83eb-9c0c8e0a7cc4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/248863/
Detection(s):
Win.Malware.Obsidium-9940946-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
Searching for analyzing tools
Сreating synchronization primitives
Creating a file in the %AppData% subdirectories
Launching a process
Creating a process from a recently created file
Enabling autorun by creating a file
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/622907c1dfdfa8501c8214b0/reports/6adf8b44-1a14-4c44-910b-f729e25f6606/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Vidar
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a58bbc5f-797a-405a-92a2-6c238726798d
Result
Threat name:
Clipboard Hijacker
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/953638
Signature
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to compare user and computer (likely to detect sandboxes)
Found evasive API chain (may stop execution after checking mutex)
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Sigma detected: Suspicius Schtasks From Env Var Folder
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to evade analysis by execution special instruction which cause usermode exception
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Clipboard Hijacker
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/78cf79c5cc5ffb37dfae1c6b177281c793767c6bdcbb8062ccedd0547c89b8e2/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-03-06 23:30:10 UTC
File Type:
PE (Exe)
Extracted files:
13
AV detection:
29 of 42 (69.05%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
02d6b6d6a27c2c88abbd109a5e1d987183252f7ed6165bfe6ad1fb968f0cb9f6
3d33d26da99e86cfdd7b70e9555af805aaff62d9a302c4ec0922560cb6a86d6a
5a37e85ddf1b693cb2e938710a4fc0cea30062eb784ad5b8cecd0d1170d5da6f
5f1e490841c6891cd0587b72a7d8f32e926037b7dea21ef0219a46f9769cf8c9
9bc3b1788041f0f94ec1c8602d4ebc97b7d06a276ba9287042dc16e4ac2e7f52
b91e73e932fd097108875528989b0f29938b02af751c72a9e81b98757af60fab
f308b421eca9c5e09325bcf0dc44a6dc86bd320f4cf2a569784e878a92352305
+ 247 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220309-yr5phsbfd8/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Executes dropped EXE
Unpacked files
SH256 hash:
39241996803d0c9a7b912669bdc3311ddf12a8319826ae0ece067bce92d33a69
MD5 hash:
917aa70f5a6a3afeced4bf7164941c5c
SHA1 hash:
26ca0f53f890116a10be9c61d14e8668c3e2d2d9
Link:
https://www.unpac.me/results/3829cde7-bcbb-445f-b8ad-a5adaaeb16ab/
SH256 hash:
78cf79c5cc5ffb37dfae1c6b177281c793767c6bdcbb8062ccedd0547c89b8e2
MD5 hash:
6339c653d06bf38b580c892c876b19b0
SHA1 hash:
140605ab61b871a610b40e8ff36a4f96f996c76a
Link:
https://www.unpac.me/results/3829cde7-bcbb-445f-b8ad-a5adaaeb16ab/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/78cf79c5cc5ffb37dfae1c6b177281c793767c6bdcbb8062ccedd0547c89b8e2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 78cf79c5cc5ffb37dfae1c6b177281c793767c6bdcbb8062ccedd0547c89b8e2

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2086565/
Cape
Cape
https://www.capesandbox.com/analysis/248863/

Comments


Avatar
zbet commented on 2022-03-09 20:02:01 UTC

url : hxxp://file-coin-coin-10.com/files/5420_1646593019_6084.exe