MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 799866f1237d484f5e55633b6200443fe19bddc88257207b4a1142ae97b93f3c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Redosdru


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 799866f1237d484f5e55633b6200443fe19bddc88257207b4a1142ae97b93f3c
SHA3-384 hash: c44224e618784674a662668063826e05659342d60e854e402ccb54b9c358fb58732cea04ef494a74f0541077a940785a
SHA1 hash: d41f0081266d5d1f885f303bcd8185ee169ae5dd
MD5 hash: b3c7b511cf32bf3f7b7b1c930c1220d7
humanhash: dakota-florida-triple-nevada
File name:b3c7b511cf32bf3f7b7b1c930c1220d7
Download: download sample
Signature Redosdru
Create hunting rule
File size:688'196 bytes
First seen:2021-08-07 19:42:22 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 91076518487bb133a8d219f38936b9d9 (1 x Redosdru)
ssdeep 12288:veD27Sdt6DA+v7tdOmyrFczvPE7QlSEvB:hSbsA+vuVFczvPeQlSEp
Threatray 42 similar samples on MalwareBazaar
TLSH T1CBE4171273A66E6FD0A3A3758BC78366777DEE208B3383835104293B6DA37E54C16764
dhash icon 71b119dcce576333 (3'570 x Heodo, 203 x TrickBot, 19 x Gh0stRAT)
Reporter zbetcheckin
Tags:32 exe Redosdru

Intelligence

File Origin
# of uploads :
1
# of downloads :
209
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
b3c7b511cf32bf3f7b7b1c930c1220d7
Verdict:
Malicious activity
Analysis date:
2021-08-07 19:43:31 UTC
Tags:
trojan dupzom
Link:
https://app.any.run/tasks/10f6f767-15e6-4927-b19c-f97f39868786

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/177188/
Detection(s):
Win.Downloader.Farfli-6453698-0
Create hunting rule

Win.Trojan.Agent-6443182-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt
Sending an HTTP GET request
Creating a file in the Program Files subdirectories
Sending a UDP request
Creating a process from a recently created file
Creating a service
Launching a service
DNS request
Sending a custom TCP request
Enabling autorun for a service
Deleting of the original file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
GhostCringe
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/7f564b96-a0d1-4871-a7f6-730570d1e5a4
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/828681
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/799866f1237d484f5e55633b6200443fe19bddc88257207b4a1142ae97b93f3c/
Threat name:
Win32.Backdoor.Farfli
Create hunting rule
Status:
Malicious
First seen:
2021-08-06 00:54:15 UTC
AV detection:
34 of 46 (73.91%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pgmgn4jdpvee6xsvmm5weaceh7qzxxoiqjlsa62kcfbk5f5zh46a._file
Verdict:
malicious
Similar samples:
06c56274fc1db5ddff596e3c3ba6e332cdb8f2329e295b1515bcc1f9493464bd
Redosdru
50e90a38a2fda1a8a9c6ea93d9aafcb9a97271abf485b778a307e177e670ad4d
Redosdru
7d74db6d7705d15a9a3e25989d7c2983ff9ae2d4fbe561bc8a020c37eb3e2d3b
Redosdru
7e6b769afc67e5e76904920f69a8d31475576ee4dc3411379efa665de38f7697
Redosdru
9f905e04970d3c86d99ddb67052f2f948605a26891d085d1ab431a693260e155
Redosdru
b19f2c2eec099ce6116313fff9348927a979584c82338f16c4f24231100dbd4b
Redosdru
d494d1c9597021407f9167547604c663e7f70f705b5e70bfa207d346d9de7ae9
Redosdru
f2e9b563cfb903599a87072f6f36d77c02eb4a9c885e7c8da435f4f02801ad15
Redosdru
+ 32 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/210807-b3t8x1pqye/
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Drops file in Program Files directory
Enumerates connected drives
Deletes itself
Loads dropped DLL
Executes dropped EXE
UPX packed file
Unpacked files
SH256 hash:
799866f1237d484f5e55633b6200443fe19bddc88257207b4a1142ae97b93f3c
MD5 hash:
b3c7b511cf32bf3f7b7b1c930c1220d7
SHA1 hash:
d41f0081266d5d1f885f303bcd8185ee169ae5dd
Link:
https://www.unpac.me/results/09f4657f-b558-436e-8cb4-365c0da82fc2/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/799866f1237d484f5e55633b6200443fe19bddc88257207b4a1142ae97b93f3c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Redosdru

Executable exe 799866f1237d484f5e55633b6200443fe19bddc88257207b4a1142ae97b93f3c

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1514592/
Cape
Cape
https://www.capesandbox.com/analysis/177188/

Comments


Avatar
zbet commented on 2021-08-07 19:42:24 UTC

url : hxxp://139.196.224.137:8080/kuma.exe