MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c8dc5d401238f679c24463c4dc79c89636f41b8b328e0e02d81e7a1ad8442b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7c8dc5d401238f679c24463c4dc79c89636f41b8b328e0e02d81e7a1ad8442b1
SHA3-384 hash: 104e494e08f4de8457b9288cdb717aa7741662dc23ac7615fda7f8fce9128fde8eaa747456369683099c6bcbd6ca87f5
SHA1 hash: a1bad45b542a03f844ecb796d3915f3f7c6ca30f
MD5 hash: 3ec3b01cf96e2b3c3b106c3370b83ccf
humanhash: colorado-high-jupiter-december
File name:user_unit.exe
Download: download sample
File size:1'736'192 bytes
First seen:2022-03-15 23:34:32 UTC
Last seen:2022-03-16 01:35:21 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 3e6bfcede74cd7002b8c110f9ea0e71c
ssdeep 49152:rCEN3aUcLKbnChDltPaZgeskd4DIxXCj:rCEEtEChJoZz
Threatray 6'153 similar samples on MalwareBazaar
TLSH T12985C002FB8284B2D4971578A1A7977F8D3AAA205324DED3CBD15D628D312C1A73F3E5
Reporter vxunderground
Tags:exe Ransomware redeemer

Intelligence

File Origin
# of uploads :
2
# of downloads :
427
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
https://anonfiles.com/h4v8s3Wau4/Redeemer_v1.7_Release_zip
Verdict:
Malicious activity
Analysis date:
2021-11-30 08:27:45 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/e2de95d2-8ec9-4200-8a1b-790a38671424

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/251097/
Detection(s):
SecuriteInfo.com.BScope.Trojan.Tnega.28676.15626.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Running batch commands
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/9373/overview
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
expand.exe greyware
Link:
https://www.filescan.io/uploads/623122a9dfdfa8501ca69927/reports/286676ea-8199-4dc3-92b6-862eb45f6bf1/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/99f28ce1-2ed6-4a3b-b49a-057d0e518b9a
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
evad
Score:
27 / 100
Link:
https://www.joesandbox.com/analysis/957572
Signature
Potentially malicious time measurement code found
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 process2 2 Behavior Graph ID: 590052 Sample: user_unit.exe Startdate: 16/03/2022 Architecture: WINDOWS Score: 27 5 user_unit.exe 1 2->5         started        8 user_unit.exe 1 2->8         started        10 user_unit.exe 1 2->10         started        signatures3 30 Potentially malicious time measurement code found 5->30 12 conhost.exe 5->12         started        14 cmd.exe 1 5->14         started        16 cmd.exe 1 5->16         started        18 conhost.exe 8->18         started        20 cmd.exe 1 8->20         started        22 cmd.exe 1 8->22         started        24 conhost.exe 10->24         started        26 cmd.exe 1 10->26         started        28 cmd.exe 1 10->28         started        process4
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7c8dc5d401238f679c24463c4dc79c89636f41b8b328e0e02d81e7a1ad8442b1/
Verdict:
unknown
Similar samples:
3b2d618e3b0e1c567e74ae298adeec4b589de973f4f85fbb2d787a3b4bdf2169
482b160ee2e8d94fa6e4749f77e87da89c9658e7567459bc633d697430e3ad9a
48988cd9dd732950fc8e22b02a5c9e214bfb0e9910a0e7b41bf7fcb961f81bc1
5f3a6968e284a2cfa90ca4318cf7385b9ea468d3bc566a80e81d6cfb44ef5b18
772cad26853c7d8ea8f1023f6e3cba219cc9bb1db1cd31ad2b979e59d3d9c631
8307b7961483dbf57866eb3a58ee1645dc060319e3781ff5487babd28f7b13f4
84cbffb84b7c9ced79b511f82a15414d9202ab68479dfe44cec7b745ed12f973
9e719c4dd5e1086d5197fded7b8cdb0d3d592c0636b0d469fcda22c9723e8e7c
de485249c1467590c911c280716ac3e100ddba49eb6396db58bb1af901171a13
eba0482a5b1232db451b1a745dd8e99defb9f1194b070e2f5c20eeb251296a86
+ 6'143 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220315-3k1jfaehfp/
Behaviour
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
7c8dc5d401238f679c24463c4dc79c89636f41b8b328e0e02d81e7a1ad8442b1
MD5 hash:
3ec3b01cf96e2b3c3b106c3370b83ccf
SHA1 hash:
a1bad45b542a03f844ecb796d3915f3f7c6ca30f
Link:
https://www.unpac.me/results/5e175a4a-3f35-4cd7-9b2b-488cd1c85825/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7c8dc5d401238f679c24463c4dc79c89636f41b8b328e0e02d81e7a1ad8442b1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/251097/

Comments