MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9920bb4ffa12cd65cd2719b7933cb51894916dc2d33a533a5b2207480ea2102c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9920bb4ffa12cd65cd2719b7933cb51894916dc2d33a533a5b2207480ea2102c
SHA3-384 hash: e3cbaccbc12c869ffc82222448f969fe41e0a49478217fa11cf58276e4e8499f7f59535fc36cebd8364fd5695cc66de6
SHA1 hash: c25b84a65882599ff1ed96b85e28d712dd38f3c4
MD5 hash: 6abfe7fba964f62b4272f1953198ade7
humanhash: august-fish-colorado-oranges
File name:6abfe7fba964f62b4272f1953198ade7
Download: download sample
File size:5'509'632 bytes
First seen:2021-11-24 20:13:22 UTC
Last seen:2023-12-18 17:04:19 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash baa93d47220682c04d92f7797d9224ce (139 x RiseProStealer, 26 x Xtrat, 18 x CoinMiner)
ssdeep 98304:8WQGN9lpFEc+LgLgLdaZzUlq4k4h+IwvEziIy:TNDbEc+c8aSlA4kTHX
Threatray 10 similar samples on MalwareBazaar
TLSH T1DD46338274482BEEF9082478D89E2432C7960E2534CD5FA4AB2F771F62E34A7935F45D
File icon (PE):PE icon
dhash icon 07030b0d2d271b1b
Reporter zbetcheckin
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
168
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
6abfe7fba964f62b4272f1953198ade7
Verdict:
No threats detected
Analysis date:
2021-11-24 20:20:06 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ca46b6f6-415b-41f1-8cea-e5904ef70be1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Gathering data
Detection(s):
SecuriteInfo.com.Variant.Razy.608172.29199.14215.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for analyzing tools
Searching for the window
Sending a custom TCP request
DNS request
Creating a window
Сreating synchronization primitives
Searching for synchronization primitives
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/619e9d10f36138de3f3a88a7/reports/7c88dd9f-ca4c-4d29-8048-22d7d314c3e2/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/dd1d5cad-8ab6-4e04-b934-0d57b0ba6aaf
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/895744
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Tries to detect sandboxes and other dynamic analysis tools (window names)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9920bb4ffa12cd65cd2719b7933cb51894916dc2d33a533a5b2207480ea2102c/
Threat name:
Win64.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2021-11-19 17:40:00 UTC
File Type:
PE+ (Exe)
Extracted files:
3
AV detection:
18 of 45 (40.00%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
1306e24bda80da1dacddc7c7d808502407cc8b29960d807aed0327050ba32be6
29b10facf712978e41161daf15235a8d74ef5cf16318a5887e39ee1e8cff297b
368d69f599577877c3dca1b45eae62a7da934b832dc2f3b5dfcf18a99f3600be
5940f101c2313af56b4a56a059c9bc99db6384c9d5b2c78d214dcbb4925da303
7f614448fc2dadd4bc8a8e495e53d1d05c13d7202eb519b687f9b0c2996b4bef
831ba6efa4a49eb1c7ff749fe442b393c5a614f383bf1efb52512a183b4362fc
8f5b300680db95b545347229941acb9113690ab187cd7ac7b2cc601b9e31a205
b464b774eb8a0f033ded0b5d0765f526cfbb4c38452c13e096f03dc7c8025094
decd15e2e48ecd6ad7fedaae8e9233c2a8594cd39fd32a2cb12c0fdaba7a1af6
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/211124-yz1ersggh3/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Checks BIOS information in registry
Unpacked files
SH256 hash:
9920bb4ffa12cd65cd2719b7933cb51894916dc2d33a533a5b2207480ea2102c
MD5 hash:
6abfe7fba964f62b4272f1953198ade7
SHA1 hash:
c25b84a65882599ff1ed96b85e28d712dd38f3c4
Link:
https://www.unpac.me/results/50d22ca8-0bd5-47fa-98da-04c66a11df59/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.30
Link:
https://yomi.yoroi.company/submissions/9920bb4ffa12cd65cd2719b7933cb51894916dc2d33a533a5b2207480ea2102c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 9920bb4ffa12cd65cd2719b7933cb51894916dc2d33a533a5b2207480ea2102c

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1813959/
Cape
Cape
https://www.capesandbox.com/analysis/209187/

Comments


Avatar
zbet commented on 2021-11-24 20:13:23 UTC

url : hxxps://klija.net/cool/klija1.exe