MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c412f0e45ae2531e572075680337abb0c2e7e6e0be14f1cbc0a01102796bf7e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8


SHA256 hash: 8c412f0e45ae2531e572075680337abb0c2e7e6e0be14f1cbc0a01102796bf7e
SHA3-384 hash: 839dacce6d8f1a6d54fd0f09ee61b4eadc6f3903d59064adf10797acc49d85b34e089700273d5b587e4ca32a3f702971
SHA1 hash: 27021dd1dc46a3c43cab13eb1896fb492bee4936
MD5 hash: 78ae1bc29bdb7e50d7f8c9bd4343ab89
humanhash: beer-purple-minnesota-sweet
File name: 78ae1bc29bdb7e50d7f8c9bd4343ab89
File size: 3'679 bytes
First seen: 2024-10-18 07:36:46 UTC
Last seen: Never
File type: 7z
MIME type: application/x-7z-compressed
ssdeep: 48:ysnR2UCM1uQuLyz/1R9G4CEVxBoCiGQmH7XXRxYslZCOzqvw90yqYE3RJQBR7cUQ:yo7w+9lovWVCslTqvGGsRx5XyZ
TLSH: T1D0716E8F139F8F0DDD30947141822558B27AF2D88C508F4D52BD6A26CD3BC9AE2A7174
TrID: 57.1% (.7Z) 7-Zip compressed archive (v0.4) (8000/1)
      42.8% (.7Z) 7-Zip compressed archive (gen) (6000/1)
Magika: sevenzip
Reporter: zbetcheckin
Tags: 7z

Intelligence


File Origin
# of uploads: 1
# of downloads: 71
Origin country: FR
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: sitef_monitoring-32.vbs
File size: 719'180 bytes
SHA256 hash: e5aa09aa422ee96f1b9f74a8359ac72099cfc36e325fb70c5454c8ce0fe1635b
MD5 hash: 8827e9f6b511cf545a0a130491f7045d
MIME type: text/plain
Vendor Threat Intelligence

Verdict: Malicious
Score: 90.9%
Tags: Infosteal Dropper Spawn
Result
Verdict: MALICIOUS
Threat name: Script-WScript.Trojan.RemcosRAT
Status: Malicious
First seen: 2024-10-18 08:07:41 UTC
File Type: Binary (Archive)
Extracted files: 1
AV detection: 8 of 24 (33.33%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: execution
Behaviour:
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- Enumerates physical storage devices
- Drops file in Windows directory
- Command and Scripting Interpreter: PowerShell
- Checks computer location settings
- Drops startup file
- Blocklisted process makes network request
Malware Config
Dropper Extraction:
https://pt.textbin.net/download/igvxdijw4q
https://filedn.com/lOX1R8Sv7vhpEG9Q77kMbn0/2023/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
7z 8c412f0e45ae2531e572075680337abb0c2e7e6e0be14f1cbc0a01102796bf7e (this sample)

Delivery method: Distributed via web download

Comments



zbet commented on 2024-10-18 07:36:47 UTC

url : hxxp://n.ddnsgratis.com.br/sitef/sitef32/CRYPTER/sitef_monitoring-32_crypter.7z