MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7dfd68fb1e4b9739c080e26186b2625e1a388862072e3645f878103902730767. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Redosdru

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	7dfd68fb1e4b9739c080e26186b2625e1a388862072e3645f878103902730767
SHA3-384 hash:	d8cea5c322e9ec9bfa8c17344aa36d946ba869e8111d25952a83c7c0cbbc427cd4da0b5731e808cafb2a8e27bbbd89ff
SHA1 hash:	ca292b9d55810cc54d0173434edd69e7c006e51f
MD5 hash:	3d26fcdacec75bf58959a378f449f91d
humanhash:	uranus-snake-montana-red
File name:	3d26fcdacec75bf58959a378f449f91d.exe
Download:	download sample
Signature	Redosdru Create hunting rule
File size:	603'336 bytes
First seen:	2022-01-31 07:32:10 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	e3ab9d6eb9e9d99478cfc5c53d60a1e1 (1 x Redosdru)
ssdeep	12288:jBB31ryfXsmZcaMvI6z81VAp8F/buMVXXfsgS5wWoEDN:zlssmZcaMQ6z81yp8FTldS5wWzN
Threatray	97 similar samples on MalwareBazaar
TLSH	T109D4023472A0D076C0955630A62BCFE21FBDEC351DA68A473679076BAE243E05F6235F
File icon (PE):
dhash icon	fcf8b4b4b49cd9c1 (1 x Redosdru, 1 x Amadey)
Reporter	abuse_ch
Tags:	exe Redosdru

Intelligence

File Origin

# of uploads :

# of downloads :

190

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

3d26fcdacec75bf58959a378f449f91d.exe

Verdict:

Suspicious activity

Analysis date:

2022-01-31 08:32:08 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/25ac5353-77db-41de-b1c8-f9ccd775a504

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/228334/

Detection(s):

Win.Malware.Mikey-9917879-0

Win.Packed.Lockbit-9919158-0

Win.Malware.Generic-9937404-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Creating a file in the Program Files subdirectories

Creating a process from a recently created file

Launching the default Windows debugger (dwwin.exe)

Creating a service

Launching a service

Sending a custom TCP request

Searching for the window

Searching for synchronization primitives

Creating a file

DNS request

Creating a process with a hidden window

Creating a window

Enabling autorun for a service

Result

Malware family:

n/a

Score:

9/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/5588/overview

Behaviour

MalwareBazaar

MeasuringTime

SystemUptime

CPUID_Instruction

EvasionQueryPerformanceCounter

CheckCmdLine

EvasionGetTickCount

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware overlay packed

Link:

https://www.filescan.io/uploads/61f790b0d9e6538232d66f8a/reports/beee3d83-ed40-47a0-8147-caf3b1e208a1/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

JenkinsMiner

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/f22432f9-ea16-47bc-8cb9-f6ecb191f7dd

Result

Threat name:

Redosdru

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/930635

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7dfd68fb1e4b9739c080e26186b2625e1a388862072e3645f878103902730767/

Threat name:

Win32.Ransomware.StopCrypt

Status:

Malicious

First seen:

2022-01-24 19:48:14 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

27 of 28 (96.43%)

Threat level:

5/5

Verdict:

malicious

Redosdru

50e90a38a2fda1a8a9c6ea93d9aafcb9a97271abf485b778a307e177e670ad4d

Redosdru

5eb5ed756b14dd3e6898821753d02f24f8bd0595d911f61f772d7d2652d8ff97

Redosdru

7d74db6d7705d15a9a3e25989d7c2983ff9ae2d4fbe561bc8a020c37eb3e2d3b

Redosdru

82c8c241387c128a1d00eb9a96ec415ccad32461600441cb9a6c9176cfebd617

Redosdru

851f2df17ce8673bc0747d4ec64b2904b3749a5e9028acbc65db70613b3e5ad5

Redosdru

9f905e04970d3c86d99ddb67052f2f948605a26891d085d1ab431a693260e155

Redosdru

d494d1c9597021407f9167547604c663e7f70f705b5e70bfa207d346d9de7ae9

Redosdru

f2e9b563cfb903599a87072f6f36d77c02eb4a9c885e7c8da435f4f02801ad15

Redosdru

+ 87 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

upx

Link:

https://tria.ge/reports/220131-jdh62ahdc7/

Behaviour

Checks processor information in registry

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Drops file in Program Files directory

Enumerates connected drives

Deletes itself

Loads dropped DLL

Executes dropped EXE

UPX packed file

Unpacked files

SH256 hash:

afe928daf4992e56d4d613df31927f945dfe81498186b9c37d9b1b7d8d1da136

MD5 hash:

275c4c032b08027cedf0cdb0b2dbfacc

SHA1 hash:

d943d34ac2e4d6f97318fcd2d60b098ea1a7ff40

Link:

https://www.unpac.me/results/a61a6997-2c37-4296-9afb-66bc1e1a0b4d/

Parent samples :

7c7edaf79218ec77462a5097f6860347b905b01ea8c1bc807f6731847770d9b2
222550d01c5123fd8ab3989ba63bd928e4dcc23f3c04c3895ec9afce7057d62c
770046d4a6f703dad79b1745b7913417f83201377915f7f3d0d85d2cf6efb335
72e63f73ced48b29f196e48030215273a17f7827c310f2747321cbc1f388c206
fc35c926288af736d9772f5a014d3cb703899feb7b5f7613d671381c1dfe9c50
2e389fca5fd7268bfed564c984ef9552d22629c482d9f88c8c122a5fbf9553c0
0e4db144b872080e865f2ce5d7dc2edeb47eb304d109c3f16c82c04ce626644f
0d54d32363e61018cfcf27aa874fd0e79b1fef37c9b7eca776c7fb7435a2e21d
9ab30823de1456e3176373b63d29e488f055648e1f00e9befbf241c54461613f

SH256 hash:

80778f5c52063e4a70d4075329c12f83ee114a8eb1c0d70bd244619f0f56c2f7

MD5 hash:

aa8e2063cbac413e53fc72330bf93644

SHA1 hash:

ba501bf860926374925dbcfe8347bd921c98250b

Link:

https://www.unpac.me/results/a61a6997-2c37-4296-9afb-66bc1e1a0b4d/

SH256 hash:

7dfd68fb1e4b9739c080e26186b2625e1a388862072e3645f878103902730767

MD5 hash:

3d26fcdacec75bf58959a378f449f91d

SHA1 hash:

ca292b9d55810cc54d0173434edd69e7c006e51f

Link:

https://www.unpac.me/results/a61a6997-2c37-4296-9afb-66bc1e1a0b4d/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7dfd68fb1e4b9739c080e26186b2625e1a388862072e3645f878103902730767

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Redosdru

exe 7dfd68fb1e4b9739c080e26186b2625e1a388862072e3645f878103902730767

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2015525/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/228334/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample