MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f998f0b351d2086150d75ae51ca411e6343f5859e55caecf6873d0e637add7f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7f998f0b351d2086150d75ae51ca411e6343f5859e55caecf6873d0e637add7f
SHA3-384 hash: 41683ea0cf5c986cb70677fad11aacf444572c6de66cf1e4bbc0d044b1b666c964766f4e1dcab5abb04fb6746c13c980
SHA1 hash: 8b4654a87b0165ea27789041199b8b32c2de5d3f
MD5 hash: acc8f0bb0c17238efec2029f5f21f816
humanhash: vermont-april-rugby-wolfram
File name:acc8f0bb0c17238efec2029f5f21f816
Download: download sample
File size:525'824 bytes
First seen:2022-01-29 02:28:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e1c1bdd90e50b843e259b79571de8223 (1 x Smoke Loader, 1 x ArkeiStealer)
ssdeep 12288:v5cJh76DuYqkaMlFslBKN2ubnwfs1C7u7:qJ1AyxlyDHR7
TLSH T143B4E0D07690FA71C04D2DB19941CBA19BFBB831D6649837F734976A0EB23D08E6235E
File icon (PE):PE icon
dhash icon fcfcb4b4b4d4d9c1 (24 x RedLineStealer, 10 x Smoke Loader, 4 x RaccoonStealer)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
262
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
acc8f0bb0c17238efec2029f5f21f816
Verdict:
No threats detected
Analysis date:
2022-01-29 02:41:13 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/2e106366-0073-42f2-b4e7-0f6250c23084

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/225729/
Detection(s):
Win.Dropper.Raccoon-9916366-0
Create hunting rule

Win.Malware.Mikey-9917879-0
Create hunting rule

Win.Packed.Lockbit-9919158-0
Create hunting rule

Win.Malware.Generic-9937404-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
DNS request
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/5440/overview
Behaviour
MalwareBazaar
SystemUptime
CPUID_Instruction
MeasuringTime
CheckCmdLine
EvasionQueryPerformanceCounter
EvasionGetTickCount
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
exploit greyware qbot raccoon
Link:
https://www.filescan.io/uploads/61f4a670541b362706533998/reports/2f34e55f-2c59-4caa-8d89-22480e53581f/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
SystemBC
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/2ff449f4-ddfe-46aa-947c-b4998bcac2f5
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/930058
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found stalling execution ending in API Sleep call
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7f998f0b351d2086150d75ae51ca411e6343f5859e55caecf6873d0e637add7f/
Threat name:
Win32.Ransomware.StopCrypt
Create hunting rule
Status:
Malicious
First seen:
2022-01-29 02:29:11 UTC
File Type:
PE (Exe)
Extracted files:
61
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Verdict:
malicious
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220129-cyk3ssbdd5/
Unpacked files
SH256 hash:
dcff6b2d1b84390ae6780aa7f990c1bdc99be5b4211b2ad18082c28a40798baa
MD5 hash:
ff8f8d013d23ab8626d5d29778c4c826
SHA1 hash:
035a497b898b2bb6a4364cf9f4a7211c28023c3f
Link:
https://www.unpac.me/results/b6a2c708-434a-41e4-a5ac-aa1846c20387/
SH256 hash:
7f998f0b351d2086150d75ae51ca411e6343f5859e55caecf6873d0e637add7f
MD5 hash:
acc8f0bb0c17238efec2029f5f21f816
SHA1 hash:
8b4654a87b0165ea27789041199b8b32c2de5d3f
Link:
https://www.unpac.me/results/b6a2c708-434a-41e4-a5ac-aa1846c20387/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7f998f0b351d2086150d75ae51ca411e6343f5859e55caecf6873d0e637add7f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 7f998f0b351d2086150d75ae51ca411e6343f5859e55caecf6873d0e637add7f

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2012980/
Cape
Cape
https://www.capesandbox.com/analysis/225729/

Comments


Avatar
zbet commented on 2022-01-29 02:28:16 UTC

url : hxxp://5.255.100.31/imagehosting/uploads/sufile.exe