MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8fcfdca4fec3425766fc7a684dbfbb471766633a288d5d449ebe4c0e0bc0431f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8fcfdca4fec3425766fc7a684dbfbb471766633a288d5d449ebe4c0e0bc0431f
SHA3-384 hash: 770e5d019a4bfb9a014b4765e2e735a76679a9bbff37de64f2cd046cd5f2a46e7f63499c51058e87cf49c1638714daf4
SHA1 hash: 704124e5cb9abf91f0728f51e72474728d791678
MD5 hash: a5a5ea07f33b92cc747814c3c786fa88
humanhash: bacon-massachusetts-mountain-william
File name:a5a5ea07f33b92cc747814c3c786fa88.exe
Download: download sample
File size:654'848 bytes
First seen:2022-02-07 14:53:08 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3992ac7231f0256688a64c1f28a852b0
ssdeep 12288:gKYYou5eJDCcqQDENamtPuxllp4TnHnHVPaudLCwivorx96mMkhzP7YMITTi/:rH0JtqMomlf4TnJHdLfivOlVPz/
Threatray 899 similar samples on MalwareBazaar
TLSH T18CD4E100BAE0C035F1B713F9457AA368B93E7AA19B2454CB63D51BEE1A34AE0DD31357
File icon (PE):PE icon
dhash icon badacabecee6baa2 (28 x RedLineStealer, 19 x Stop, 13 x Smoke Loader)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
112
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/235888/
Detection(s):
Win.Packed.Filerepmalware-9938531-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Creating a file in the %AppData% subdirectories
Сreating synchronization primitives
Query of malicious DNS domain
Sending an HTTP GET request to an infection source
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/6255/overview
Behaviour
MalwareBazaar
SystemUptime
CPUID_Instruction
MeasuringTime
EvasionGetTickCount
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/6201328ec79b424d72057922/reports/9a0f5d01-eb6a-474e-be07-95b54fe5e348/overview
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/06f1f91a-7738-4b02-86ff-3403cb89e29c
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spre.troj.spyw.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/935398
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8fcfdca4fec3425766fc7a684dbfbb471766633a288d5d449ebe4c0e0bc0431f/
Threat name:
Win32.Trojan.Raccrypt
Create hunting rule
Status:
Malicious
First seen:
2022-02-07 14:54:11 UTC
File Type:
PE (Exe)
Extracted files:
18
AV detection:
20 of 28 (71.43%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
009d746595fe90a50e9efb737f49a25fa5787f80b56c4076605eea0f983c1e58
2c49fcbd5eda5275d8d2ef98ee7e0c63d978b6d904e3e750ea9d01e52fe16ce9
556274658598eef16051157d298e3a1062d46ebee23bf491268a68c3a8996be5
56288aa7af61d7110f116681c6785f3ac6ffc269bd7a6a5051040b803c4dbea4
a8065894783bc05b961b4ce6a0d8a3dd0d1edcc83b294b18df7af0dab0db430a
d1393748b163640113850583346ee301192def81a399142aa276691eecd4314a
d147f74b457cd669430ad9508c5aded7437ce700694e461d10a55215ccb37714
fa38a8bfa024e668a67198bb86add37c4c3b080295b078f9b5e5fe92709b8adc
+ 889 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/220207-r9xnasddf8/
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Enumerates physical storage devices
Drops file in Windows directory
Legitimate hosting services abused for malware hosting/C2
Checks computer location settings
Unpacked files
SH256 hash:
86cec2665ff431668f274fecddf883fb5b532c06ee1a495ce60d5fbbb90c3a33
MD5 hash:
f7246b8631cad60d643fe3625a823397
SHA1 hash:
3aabf69029480970b338bb37a511d307aaf40c79
Link:
https://www.unpac.me/results/a755bc55-a0a3-4bbf-9cd8-bbdfa0120d7c/
SH256 hash:
8fcfdca4fec3425766fc7a684dbfbb471766633a288d5d449ebe4c0e0bc0431f
MD5 hash:
a5a5ea07f33b92cc747814c3c786fa88
SHA1 hash:
704124e5cb9abf91f0728f51e72474728d791678
Link:
https://www.unpac.me/results/a755bc55-a0a3-4bbf-9cd8-bbdfa0120d7c/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 8fcfdca4fec3425766fc7a684dbfbb471766633a288d5d449ebe4c0e0bc0431f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1942109/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/235888/

Comments