MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8acfd843d915a1f12da9bbc0dc543d510be82e60257b99273883b6e55a990d9f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8acfd843d915a1f12da9bbc0dc543d510be82e60257b99273883b6e55a990d9f
SHA3-384 hash: 3f1cfa64cfec840473a44d5de07ae4498597f3070f26b6038057ce062b693cda88044b349910f94d85f5f483b34d7469
SHA1 hash: 47444cf1def09af1b4e5c34b68bd480e6b765c78
MD5 hash: 0d154ff4b7f6772333dde1577881584b
humanhash: fanta-bulldog-fourteen-river
File name:0d154ff4b7f6772333dde1577881584b
Download: download sample
File size:1'156'096 bytes
First seen:2022-03-11 19:50:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4f12c21112870dd8f8f0042d284bcddd (2 x RaccoonStealer, 2 x RedLineStealer)
ssdeep 24576:xg55KyuUI27Mo56Stt9KQSPZxsTXjUn33PWU/w3u6I3ywPkS:vjUZMuHWZxsTz+P1/wyT8
Threatray 10'883 similar samples on MalwareBazaar
TLSH T149351200BA90C035F5B711F96569A3ACA93E3EE05732A1CF62D52AEE13785E0EC31357
File icon (PE):PE icon
dhash icon 2dec137831939b91 (4 x Smoke Loader, 3 x RedLineStealer, 1 x Stop)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
248
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/249708/
Detection(s):
Win.Dropper.Generickdz-9939781-0
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Creating a window
Launching a process
Sending a custom TCP request
Sending an HTTP GET request
Creating a file in the %temp% directory
Сreating synchronization primitives
Unauthorized injection to a system process
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/8934/overview
Behaviour
MalwareBazaar
SystemUptime
CPUID_Instruction
MeasuringTime
EvasionQueryPerformanceCounter
CheckCmdLine
EvasionGetTickCount
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/622ba832b94fb38cb45f5081/reports/cf6d17a9-ece1-4118-93bc-030421be96cf/overview
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
DanaBot
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f12d6fdb-8d01-44be-9f93-35e84ce48479
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/955202
Signature
Delayed program exit found
Machine Learning detection for sample
May use the Tor software to hide its network traffic
Multi AV Scanner detection for submitted file
Overwrites code with function prologues
Sigma detected: Suspicious Call by Ordinal
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8acfd843d915a1f12da9bbc0dc543d510be82e60257b99273883b6e55a990d9f/
Threat name:
Win32.Trojan.DanaBot
Create hunting rule
Status:
Malicious
First seen:
2022-03-11 19:51:17 UTC
File Type:
PE (Exe)
Extracted files:
15
AV detection:
19 of 27 (70.37%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
00de2ed7834a34d0643df2cbd50188efe3fe66fba74cfd32ff98a7eb70717a46
2775e955bf03d93033ff2bf432ad95158e176d3207962d18dc47fd074d16ba9e
2f43972540a6cae0eb4e50d142860bdc278b44b9b4606747c58e19383efa82f5
5abcd78602091e9cddfec8f1e4bdd336ae58273466eb0981c2f980c4d91b6cb2
97a1dadc6e1ccaa807240649c63f175169b0badaf65be530e98ad7790d69fc1e
a229aee8edf8ebb3b5e3e418879641216f49d6e00f8358a0debd4c00ddf825e9
b0de3b3eb79e5291dcd933e0e8231c90208e2e11e894500fb7df6487ba259ba9
b4dfb7404501902f3881f568aca027a738eaa44af96e8ff22b5f58eb27562c1b
dcedf234c0f9d6fe3a4392693c82708c70c8e243f42f2e7073d35bd928f3b526
f607c65a219c8cf3a25a5a4338019a0814592c0cfaf5b466dbd0917167245ed0
+ 10'873 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220311-ykwg9sbae5/
Behaviour
Checks processor information in registry
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Suspicious use of SetThreadContext
Blocklisted process makes network request
Unpacked files
SH256 hash:
a234ba242a592f71526a90070720066dad4fd0e59d15181190021451b87ef09e
MD5 hash:
c2841e10d04361344648842f85c1713d
SHA1 hash:
c21da2059920d0b6a02b4a6e2868fa9893b1a695
Link:
https://www.unpac.me/results/c7d058f5-29ce-4d58-ac37-e45b8f20dca3/
SH256 hash:
8acfd843d915a1f12da9bbc0dc543d510be82e60257b99273883b6e55a990d9f
MD5 hash:
0d154ff4b7f6772333dde1577881584b
SHA1 hash:
47444cf1def09af1b4e5c34b68bd480e6b765c78
Link:
https://www.unpac.me/results/c7d058f5-29ce-4d58-ac37-e45b8f20dca3/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/8acfd843d915/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8acfd843d915a1f12da9bbc0dc543d510be82e60257b99273883b6e55a990d9f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 8acfd843d915a1f12da9bbc0dc543d510be82e60257b99273883b6e55a990d9f

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/249708/

Comments


Avatar
zbet commented on 2022-03-11 19:50:43 UTC

url : hxxp://23.106.122.5/m11.exe