MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f7d7ad866610022b5482e175cd7e2c655666aaefb4b5038ff524e7336b86825. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7f7d7ad866610022b5482e175cd7e2c655666aaefb4b5038ff524e7336b86825
SHA3-384 hash: 196d4b3cbfa6c7c2c1a516df9d1a31638898875a3191aec6d3449554ff23d2f4c1df4601123a426e1961998ef382f16b
SHA1 hash: a078121dcb71b7e92dad1afad312c6164086142b
MD5 hash: 86150111e470bc264faf39dc15f1971e
humanhash: maryland-johnny-dakota-georgia
File name:86150111e470bc264faf39dc15f1971e
Download: download sample
File size:649'728 bytes
First seen:2022-01-15 09:13:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5e94baab68b90958add222dbac71061b (1 x Stop, 1 x Smoke Loader)
ssdeep 12288:LseeCtQ0hpMV33PMQ8X3jtjUdlDnsVkvmwn44rv74qa2GG5FYxK9:oeQ0rg3kfnjt8Wkvmwn4nDyB
Threatray 48 similar samples on MalwareBazaar
TLSH T146D4F100BBA0C035F5F365F446B6936C652E3AB25B24A1CF52D51BEA4B745E0EE31327
File icon (PE):PE icon
dhash icon 2dac1378399b9b91 (35 x Smoke Loader, 34 x RedLineStealer, 18 x Amadey)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
212
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
86150111e470bc264faf39dc15f1971e
Verdict:
Malicious activity
Analysis date:
2022-01-15 09:29:01 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/d1c4b0c1-159c-412d-b493-31f25a347391

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/219483/
Detection(s):
Win.Dropper.Mikey-9917324-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
DNS request
Sending a custom TCP request
Rewriting of the hard drive's master boot record
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/4266/overview
Behaviour
MalwareBazaar
MeasuringTime
SystemUptime
CPUID_Instruction
EvasionQueryPerformanceCounter
EvasionGetTickCount
CheckCmdLine
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/61e29061e997359713f17f8a/reports/dc87e595-ea70-4399-82f6-71bd534ce662/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Pitou
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/63a6d7df-98f5-42be-88b2-13777e1c4820
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/921126
Signature
Contains functionality to infect the boot sector
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7f7d7ad866610022b5482e175cd7e2c655666aaefb4b5038ff524e7336b86825/
Threat name:
Win32.Trojan.Strab
Create hunting rule
Status:
Malicious
First seen:
2022-01-15 09:14:21 UTC
File Type:
PE (Exe)
Extracted files:
27
AV detection:
20 of 28 (71.43%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
027f7d07a53bd9d2c6cd901a9a800dd1f5ed0063f5a16761aa6f3b6ac7328ff6
3c6d3d8d1d1cd0e7503c141e407c2d0f13f87b5b76dac2cff033baa027033e1c
4a12d29a59f80a7deb10effbba67169f9898969133ae7c4d94c3d500cc93de5f
8c1dbb6983c9905b536bcb3c9c7b0e6f23b3b55d280557a08357f6c3cfacb51f
9ab85c68338687154f9ac21de8f1a25828cc75aef1b69b09add600727ffabcc4
a09cbb1704807a612702a6fd63c2c58d096da4c99034be7fc1d92bc5ef7bfc1b
b8041d0735e3ef4ef4714f324de4c63237f500baa52698559e2727c5a8ede61a
c7ccfa2edebbfbe1f3c5dbcd120bbfc828ffcd1b78aae558e401c1e1c30fa825
ce1ab55a70d98baf0f844e1bc21f376ff356ddb9067523f908315934c346737a
f1c367a9e61a79e35b25ced3249166e442845a3d63a06524fb908477140c9f10
+ 38 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
bootkit persistence
Link:
https://tria.ge/reports/220115-k7crsadeg3/
Behaviour
Writes to the Master Boot Record (MBR)
Unpacked files
SH256 hash:
e4525e11db14618785e204cb87842eb4f71a0dd3fde7508475254181daf4817c
MD5 hash:
7b1c1ce13434e6d54c42f3f9ac46d0e4
SHA1 hash:
77ebad305f9c6e0c02ac6414ec47924934624ba4
Link:
https://www.unpac.me/results/67ad33d3-9f4b-41fa-8d02-70227c5754e0/
SH256 hash:
7f7d7ad866610022b5482e175cd7e2c655666aaefb4b5038ff524e7336b86825
MD5 hash:
86150111e470bc264faf39dc15f1971e
SHA1 hash:
a078121dcb71b7e92dad1afad312c6164086142b
Link:
https://www.unpac.me/results/67ad33d3-9f4b-41fa-8d02-70227c5754e0/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7f7d7ad866610022b5482e175cd7e2c655666aaefb4b5038ff524e7336b86825

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 7f7d7ad866610022b5482e175cd7e2c655666aaefb4b5038ff524e7336b86825

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1978538/
Cape
Cape
https://www.capesandbox.com/analysis/219483/

Comments


Avatar
zbet commented on 2022-01-15 09:13:37 UTC

url : hxxp://drcopps.com/index.php