MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 94e022cc268feee9f2a1a08260ecbb9767bfc0383ccabfb12330c30b5edf4933. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 94e022cc268feee9f2a1a08260ecbb9767bfc0383ccabfb12330c30b5edf4933
SHA3-384 hash: b8c7d991aaf15553621afd81cd21ff834a984b0a4eeee79fccc6ad8448ffb3ad86242e3d82b28cb0dc7bfb2c19b753c1
SHA1 hash: bf9b9caee8e18035c3c33a1c58a969fb2783e99b
MD5 hash: d794925e539d925204726b49a49ff84a
humanhash: don-speaker-table-cardinal
File name:d794925e539d925204726b49a49ff84a
Download: download sample
File size:172'032 bytes
First seen:2022-03-25 13:12:40 UTC
Last seen:2022-03-25 14:51:56 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 17b4b1fe70fbbdccbba7c09889838934 (3 x AZORult, 2 x Worm.Ramnit, 1 x RedLineStealer)
ssdeep 3072:DDHsTdQKLX9ZPZrT3oBt3AWc5PASRsuSAV17SGBmPC1:S3NwDGPQ1A/Om
Threatray 10'309 similar samples on MalwareBazaar
TLSH T17DF3D04D1EE74633F75B8A705F8486D98B7E7C773627AA0FEF48186807B2A050066277
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
206
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/257695/
Detection(s):
SecuriteInfo.com.Variant.Jaik.54546.16499.3499.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Creating a window
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug anti-vm control.exe greyware hacktool obfuscated packed
Link:
https://www.filescan.io/uploads/623dbfe59253b276b76ca107/reports/1df35034-0185-40d1-bae7-ae0970faaf22/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/020edb5a-8d58-42e4-b341-d03a708f582b
Result
Threat name:
Clipboard Hijacker
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/964583
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Contains functionality to compare user and computer (likely to detect sandboxes)
Found malware configuration
Machine Learning detection for dropped file
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Maps a DLL or memory area into another process
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Bypass UAC via Fodhelper.exe
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Clipboard Hijacker
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 597066 Sample: WG2qK9HTz5 Startdate: 25/03/2022 Architecture: WINDOWS Score: 100 32 Found malware configuration 2->32 34 Malicious sample detected (through community Yara rule) 2->34 36 Antivirus / Scanner detection for submitted sample 2->36 38 4 other signatures 2->38 8 WG2qK9HTz5.exe 13 2->8         started        11 fodhelper.exe 4 2->11         started        13 fodhelper.exe 4 2->13         started        process3 signatures4 40 Uses schtasks.exe or at.exe to add and modify task schedules 8->40 42 Maps a DLL or memory area into another process 8->42 44 Contains functionality to compare user and computer (likely to detect sandboxes) 8->44 15 WG2qK9HTz5.exe 3 8->15         started        46 Antivirus detection for dropped file 11->46 48 Multi AV Scanner detection for dropped file 11->48 50 Machine Learning detection for dropped file 11->50 18 fodhelper.exe 11->18         started        process5 file6 28 C:\Users\user\AppData\...\fodhelper.exe, PE32 15->28 dropped 30 C:\Users\...\fodhelper.exe:Zone.Identifier, ASCII 15->30 dropped 20 schtasks.exe 1 15->20         started        22 schtasks.exe 1 18->22         started        process7 process8 24 conhost.exe 20->24         started        26 conhost.exe 22->26         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/94e022cc268feee9f2a1a08260ecbb9767bfc0383ccabfb12330c30b5edf4933/
Threat name:
Win32.Trojan.Jaik
Create hunting rule
Status:
Malicious
First seen:
2022-03-25 13:13:11 UTC
File Type:
PE (Exe)
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0b7410c41dd49a7a43487fa0e56f5b336951609e67b873d5cdd70632a954b4a8
175b071e0af990176bee9c03654353b1ace449489048941e7c567a7f897814e5
2cb326bf23a15dfa548df0266743efffefe1cb91450b3146e03e72f51c2cf0d9
5091b0812652b76aa775615c4887c2f01934763ebd857bb0cbd40f3debc36770
820b1216485962fa3501dc8bd02a76bdb821fd7b6ffab858c4ebe135c4246090
bb7206c1e7aa981a59c0adfea068fc8819665495c4023ce9cb06f86456b37eec
c770def66ece0d6100ca50a3b54898be0c177e7d0baddd8803785571f83c1c1a
ce931ede894759cdd518d9dd8f4a9888b7fa3656bd6fa3bc0b66514b985efb5d
e1589588b95e03844e0f5ccae574e722d68351c867b8535cd3df9467d381cdbb
+ 10'299 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220325-qf4n3sdbhl/
Behaviour
Creates scheduled task(s)
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Executes dropped EXE
Unpacked files
SH256 hash:
c6dcf48a20a4de6d0264604841e86a90fca8beef8326574d505c307a264563be
MD5 hash:
6a1d5363f62bb8bf8e57eff8f267d3eb
SHA1 hash:
7c0f9a1c78a9d5b24e06f65674158b3e68b95e66
Link:
https://www.unpac.me/results/937f6136-4941-499e-a146-037f1169d5ed/
SH256 hash:
94e022cc268feee9f2a1a08260ecbb9767bfc0383ccabfb12330c30b5edf4933
MD5 hash:
d794925e539d925204726b49a49ff84a
SHA1 hash:
bf9b9caee8e18035c3c33a1c58a969fb2783e99b
Link:
https://www.unpac.me/results/937f6136-4941-499e-a146-037f1169d5ed/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.05
Link:
https://yomi.yoroi.company/submissions/94e022cc268feee9f2a1a08260ecbb9767bfc0383ccabfb12330c30b5edf4933

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 94e022cc268feee9f2a1a08260ecbb9767bfc0383ccabfb12330c30b5edf4933

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2115183/
Cape
Cape
https://www.capesandbox.com/analysis/257695/

Comments


Avatar
zbet commented on 2022-03-25 13:12:47 UTC

url : hxxp://62.204.41.69/cc.exe