MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 811566c02b85bfff2c60105b3638aa7a7d906658c1fc1fd0e2f5112dfcb492be. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	811566c02b85bfff2c60105b3638aa7a7d906658c1fc1fd0e2f5112dfcb492be
SHA3-384 hash:	c67cd6903c42ec139f0ab8d0aff26fc5e9433e8cf442f9c0ef45f00c587b63ee10f7d821b90d22b87669a4f94c357bca
SHA1 hash:	65446f06c1cf830771ea438a18ebf8970e1c4a6d
MD5 hash:	48dbade1d2444883d6b46a55b4fc3751
humanhash:	tennis-tango-carolina-freddie
File name:	48dbade1d2444883d6b46a55b4fc3751.exe
Download:	download sample
File size:	1'677'176 bytes
First seen:	2023-06-29 06:56:59 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	aac51396886833dc961fcd7aab7711e4 (11 x NetSupport, 7 x DCRat, 4 x njrat)
ssdeep	49152:zea3qszM4W5dvx/WfaQfXS36HgZxhPxCDNCkBuUm:zHvDq+vXS3UAuNCuuUm
Threatray	537 similar samples on MalwareBazaar
TLSH	T11D7523027BC486F3E26125336A35AF21963DBD315F328DD7A3946A5DDE321C08732B66
TrID	91.0% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39) 3.6% (.EXE) Win64 Executable (generic) (10523/12/4) 1.7% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.5% (.EXE) Win32 Executable (generic) (4505/5/1) 0.6% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):
dhash icon	9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter	abuse_ch
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

273

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

48dbade1d2444883d6b46a55b4fc3751.exe

Verdict:

Suspicious activity

Analysis date:

2023-06-29 07:01:48 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/90e2f3ab-21fe-48e4-b430-ff9a32bcb98b

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/403681/

Detection(s):

Win.Malware.Uztuby-9979905-0

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Searching for the window

Сreating synchronization primitives

Searching for synchronization primitives

Creating a file in the %temp% directory

Launching a process

Sending a custom TCP request

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/94037/overview

Behaviour

MalwareBazaar

MeasuringTime

EvasionQueryPerformanceCounter

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-vm crypto fauppod greyware lolbin lolbin msiexec overlay packed packed replace setupapi shdocvw shell32

Link:

https://www.filescan.io/uploads/649d2b4b78b782264fa10062/reports/6195ab8a-5bdc-4b38-be99-27315029f346/overview

Verdict:

Malicious

Labled as:

Trojan.Uztuby

Link:

https://www.hybrid-analysis.com/sample/811566c02b85bfff2c60105b3638aa7a7d906658c1fc1fd0e2f5112dfcb492be

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/259dc74b-6860-4184-87b1-5a8a4a22cc32

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/1263066

Signature

Multi AV Scanner detection for dropped file

Tries to detect sandboxes / dynamic malware analysis system (file name check)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/811566c02b85bfff2c60105b3638aa7a7d906658c1fc1fd0e2f5112dfcb492be/

Threat name:

Win32.Trojan.Uztuby

Status:

Malicious

First seen:

2023-06-29 06:58:04 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

16 of 24 (66.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=qekwnqblqw776ldacbntmofkpj6zazsyyh6b7uhc6uis37fusk7a._file

Verdict:

malicious

0af3aa9e62ae449301ef9b3d9965d45775c13b2fc7a662795d39585d5c0fa908

18ab5e7a8a16ee97cfaf8d710e023a7816f0e0c6e57c1d6ca2f9ca311db0dd12

35e5460c102ca2f996d61d70d6bb06fb87014f7d2beccf35f3812ea534acd9d5

43d1c7d70506db33b4db5a3f27582e1f1493b69b6d2493756c88f550529ca969

8525d0bc1e38bb74d592de9be2615da94ec0b81e611b0e456b3a51c40ab5baa3

a040c35ef32cbe289d5bc2b8014adcb961ab3aed1e2873d1f2e335933e97927b

d102af126bcff04b5b089f3872b3add0fef3e755eea0182e8f28324b3c5dcc5f

e905f262f2ec981ddf92c94fe44d96c14195f9bf0815f204c2c4197b16dbb053

+ 527 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/230629-hqya2sdb3x/

Behaviour

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Checks computer location settings

Loads dropped DLL

Unpacked files

SH256 hash:

9bd95a679d7163c46b301f76b403c2d5ccafcbe00c0c16660a2b8ec9bf9bf6ac

MD5 hash:

a9073929f64b1189fac731d49e2b581c

SHA1 hash:

5bf7d51f7f8d6b24d849b440a8bcf5db3fec2ea7

Link:

https://www.unpac.me/results/e5c8b494-dcfe-4fb3-857d-ee07d0053b09/

SH256 hash:

811566c02b85bfff2c60105b3638aa7a7d906658c1fc1fd0e2f5112dfcb492be

MD5 hash:

48dbade1d2444883d6b46a55b4fc3751

SHA1 hash:

65446f06c1cf830771ea438a18ebf8970e1c4a6d

Link:

https://www.unpac.me/results/e5c8b494-dcfe-4fb3-857d-ee07d0053b09/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/811566c02b85bfff2c60105b3638aa7a7d906658c1fc1fd0e2f5112dfcb492be

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/403681/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample