MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8fd3f5051481a5fdd39bc3546a6aafc6b36f2ee8a4d29eb85d8a42f196bcd2dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CryptOne


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8fd3f5051481a5fdd39bc3546a6aafc6b36f2ee8a4d29eb85d8a42f196bcd2dd
SHA3-384 hash: 2ef1c9ae291b04bfc553f50d6c8d3716996d311e90765db3e3903cd0568b28482bfe6f65a80c7ed7d3e86f48f0417f4e
SHA1 hash: 1da55cea294a11a89eeda5d9ffbb630ac22ea170
MD5 hash: 5778f8394f502eada2a8313579747801
humanhash: idaho-queen-florida-failed
File name:SecuriteInfo.com.Win32.Evo-gen.31072.14169
Download: download sample
Signature CryptOne
Create hunting rule
File size:1'835'336 bytes
First seen:2022-11-23 19:33:11 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 5584427393c75b080eb7ecbdffc8bd60 (1 x CryptOne)
ssdeep 24576:YhDMjFEoUbVQnJfOfBRWblrRIU02lZf4tlj2xMaBLMuyuihDVBuV/MuYvBxcw8:Yqy2JSBRel9IU0eVxMmoduihrEHYZxz8
Threatray 3 similar samples on MalwareBazaar
TLSH T150850122F1914437E1B2167D8D6B6274A83AFF052E3D798727E81D8C4F793A0391639B
TrID 47.6% (.EXE) Win32 Executable Delphi generic (14182/79/4)
15.1% (.EXE) Win32 Executable (generic) (4505/5/1)
10.0% (.MZP) WinArchiver Mountable compressed Archive (3000/1)
6.9% (.EXE) Win16/32 Executable Delphi generic (2072/23)
6.8% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 399998ecd4d46c0e (572 x Quakbot, 137 x ArkeiStealer, 82 x GCleaner)
Reporter SecuriteInfoCom
Tags:CryptOne dll

Intelligence

File Origin
# of uploads :
1
# of downloads :
178
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/337821/
Detection(s):
SecuriteInfo.com.Win32.Evo-gen.31072.14169.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Сreating synchronization primitives
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
greyware keylogger overlay packed
Link:
https://www.filescan.io/uploads/637e75ad559d07a06f47122b/reports/61a8a0d4-84a0-437e-ac29-1d42994c4416/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d210d667-691b-4c55-b5a9-405773313d2c
Result
Threat name:
CryptOne
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1120060
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to detect sleep reduction / modifications
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected CryptOne packer
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 752774 Sample: SecuriteInfo.com.Win32.Evo-... Startdate: 23/11/2022 Architecture: WINDOWS Score: 72 16 Antivirus / Scanner detection for submitted sample 2->16 18 Multi AV Scanner detection for submitted file 2->18 20 Yara detected CryptOne packer 2->20 22 Machine Learning detection for sample 2->22 7 loaddll32.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 conhost.exe 7->11         started        process5 13 rundll32.exe 9->13         started        signatures6 24 Contains functionality to detect sleep reduction / modifications 13->24
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8fd3f5051481a5fdd39bc3546a6aafc6b36f2ee8a4d29eb85d8a42f196bcd2dd/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2022-11-23 19:34:13 UTC
File Type:
PE (Dll)
Extracted files:
38
AV detection:
24 of 26 (92.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=r7j7kbiuqgs73u43ynkgu2vpy2zw6lxiutjj5oc5rjbpdfv42loq._file
Verdict:
malicious
Similar samples:
8398a389a933d9c864f1e940492c354d8d04795b4153ece7a9615e8c26ac36e7
CryptOne
e1c1ddf6eb34c6be593f5a46848af10dedaaf5917f55023b26d918e61709e8bb
CryptOne
ef87eac9116238891e4267d49e2e26e9d613205a23ebf64cffe4af2f1b949e83
CryptOne
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/221123-x93r7shd58/
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
cac9c95b6ca2b7b6ed19ddfb97c5a37cbfc7569ab789a0be58b0e4f5085a6de4
MD5 hash:
355daa6355e079f039d1015f8dc858e2
SHA1 hash:
768c49912b07370b81d897e9201c4a144d693678
Link:
https://www.unpac.me/results/28440f99-33f0-4f62-94c0-b4a5cc089a92/
SH256 hash:
8fd3f5051481a5fdd39bc3546a6aafc6b36f2ee8a4d29eb85d8a42f196bcd2dd
MD5 hash:
5778f8394f502eada2a8313579747801
SHA1 hash:
1da55cea294a11a89eeda5d9ffbb630ac22ea170
Link:
https://www.unpac.me/results/28440f99-33f0-4f62-94c0-b4a5cc089a92/
Malware family:
CryptOne
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/8fd3f5051481/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8fd3f5051481a5fdd39bc3546a6aafc6b36f2ee8a4d29eb85d8a42f196bcd2dd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CryptOne

DLL dll 8fd3f5051481a5fdd39bc3546a6aafc6b36f2ee8a4d29eb85d8a42f196bcd2dd

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2431570/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2431569/
  
URLhaus
https://urlhaus.abuse.ch/url/2431573/
Cape
Cape
https://www.capesandbox.com/analysis/337821/

Comments