MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 98041f1d954b2448a86fb228caacd5864d3f355b5cef78a14d3716ef2090efd9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 7

SHA256 hash: 98041f1d954b2448a86fb228caacd5864d3f355b5cef78a14d3716ef2090efd9
SHA3-384 hash: 043f8d5700ec005869d4e30d507df1355f7fb4acf08db428a6fa79ac6d64a03cfc75d93c070a1723ac0b5ae47fd9ad96
SHA1 hash: 51dda4d5236eb7d70f28d48f22e5b3ba29d88009
MD5 hash: 6bac0ec214fff2871ddae38a5d6c5b83
humanhash: connecticut-item-lamp-angel
File name: 6bac0ec214fff2871ddae38a5d6c5b83.exe
File size: 380'416 bytes
First seen: 2021-10-07 16:41:00 UTC
Last seen: 2021-10-07 18:13:18 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: c1d211268d6c769cc59ffca0e56e63c9 (5 x RaccoonStealer, 1 x ArkeiStealer, 1 x DanaBot)
ssdeep: 6144:SyZ8hOkt6d9RnbgMEQrReLwpsSU4JSHpe2lyyK5+270a4lhplr9y:pdfbLrRJsGge2lyyK5+27Elh1y
Threatray: 6'035 similar samples on MalwareBazaar
TLSH: T1C984CF00BBA0C035F5F652B8097993B8B53F7EA16B39D4CB62D516EA46346E4EC3170B
dhash icon: e0f8e8e8aa62a489 (2 x RedLineStealer, 1 x ArkeiStealer)
Reporter: abuse_ch
Tags: exe

Intelligence

File Origin
# of uploads: 2
# of downloads: 303
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 6bac0ec214fff2871ddae38a5d6c5b83.exe
Verdict: No threats detected
Analysis date: 2021-10-07 17:09:38 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean
Maliciousness:

Behaviour: Launching the default Windows debugger (dwwin.exe)
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed
Malware family: Malicious Packer
Verdict: Malicious
Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 24 / 100
Signature: Machine Learning detection for sample
Behaviour
Behavior Graph (image not preserved): Behavior Graph ID 499009; sample EYY6ZnKipB.exe; start date 07/10/2021; architecture WINDOWS; score 24; signature: Machine Learning detection for sample; processes started: EYY6ZnKipB.exe, WerFault.exe, conhost.exe; file dropped: C:\ProgramData\Microsoft\...\Report.wer (Little-endian)
Threat name: Win32.Trojan.Racealer
Status: Malicious
First seen: 2021-10-07 16:41:07 UTC
AV detection: 13 of 28 (46.43%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SHA256 hash: d930a9b63eb055d958a2a748c7771c50e575e631fe1623646fee985a71ccf6bf
MD5 hash: fa42eee212f375773d6fe8155429124d
SHA1 hash: c2d49d1cf3180a3a270411bbaaae4e1395e7e162
SHA256 hash: 98041f1d954b2448a86fb228caacd5864d3f355b5cef78a14d3716ef2090efd9
MD5 hash: 6bac0ec214fff2871ddae38a5d6c5b83
SHA1 hash: 51dda4d5236eb7d70f28d48f22e5b3ba29d88009
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Executable exe 98041f1d954b2448a86fb228caacd5864d3f355b5cef78a14d3716ef2090efd9 (this sample)
Delivery method: Distributed via web download

Comments