MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99a6b979823a1de5127de403a90d9b485e713dd74db15f0aa6ab3dda1006312b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 99a6b979823a1de5127de403a90d9b485e713dd74db15f0aa6ab3dda1006312b
SHA3-384 hash: 1e78e1bfedcfc8a036d2fa874619dccf461d94ce692eb0de7617809d7f3417b81e67886500882c88058eccb83a72eb16
SHA1 hash: 7ab92bdd3e8d2069d2eccebd4cb40f966ab00c4f
MD5 hash: 4c516a0987c48d0830702ffe18166501
humanhash: salami-zulu-juliet-undress
File name:4c516a0987c48d0830702ffe18166501.exe
Download: download sample
File size:648'704 bytes
First seen:2022-01-15 08:26:55 UTC
Last seen:2022-01-15 10:52:54 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 64f7fef844b1e4fdfabf9d9b629075a0 (3 x RedLineStealer, 1 x OnlyLogger)
ssdeep 12288:LasbuogH1m6arIK9WiGMUW9FG1BFYRP1KlR9Jpp6lmH7TP1bKb6/ybr:+Ou5Vm6aEK8iGMBMY11KlNF3JKmq
Threatray 46 similar samples on MalwareBazaar
TLSH T1C9D4F010BBA0D035F1B352F44A79933DB53E3AA2976590CB12D51BEE5A346E0EE31327
File icon (PE):PE icon
dhash icon 2dac137039939b91 (13 x RedLineStealer, 9 x Amadey, 9 x Smoke Loader)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
172
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
4c516a0987c48d0830702ffe18166501.exe
Verdict:
Malicious activity
Analysis date:
2022-01-15 08:29:11 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ce89da7c-8c58-426a-81b4-ebea8f19c015

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/219449/
Detection(s):
Win.Packed.Crypterx-9936122-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
DNS request
Rewriting of the hard drive's master boot record
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/4243/overview
Behaviour
MalwareBazaar
SystemUptime
MeasuringTime
CPUID_Instruction
EvasionGetTickCount
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/61e2855b1883c5ba4ecf0bbd/reports/dc8cb191-8a5c-4fcf-aa91-4baa829dba13/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Pitou
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f9600c6e-6ba7-4b7e-90a4-38db0ed4eb73
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/921079
Signature
Contains functionality to infect the boot sector
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/99a6b979823a1de5127de403a90d9b485e713dd74db15f0aa6ab3dda1006312b/
Threat name:
Win32.Ransomware.LockbitCrypt
Create hunting rule
Status:
Malicious
First seen:
2022-01-15 08:27:13 UTC
File Type:
PE (Exe)
Extracted files:
27
AV detection:
22 of 27 (81.48%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
027f7d07a53bd9d2c6cd901a9a800dd1f5ed0063f5a16761aa6f3b6ac7328ff6
1826805f293e5ef43536005c51ea4b72da36745b48dddd6e508c0b7ecc5c7f54
3c6d3d8d1d1cd0e7503c141e407c2d0f13f87b5b76dac2cff033baa027033e1c
4a12d29a59f80a7deb10effbba67169f9898969133ae7c4d94c3d500cc93de5f
9ab85c68338687154f9ac21de8f1a25828cc75aef1b69b09add600727ffabcc4
a09cbb1704807a612702a6fd63c2c58d096da4c99034be7fc1d92bc5ef7bfc1b
b8041d0735e3ef4ef4714f324de4c63237f500baa52698559e2727c5a8ede61a
c7ccfa2edebbfbe1f3c5dbcd120bbfc828ffcd1b78aae558e401c1e1c30fa825
ce1ab55a70d98baf0f844e1bc21f376ff356ddb9067523f908315934c346737a
f1c367a9e61a79e35b25ced3249166e442845a3d63a06524fb908477140c9f10
+ 36 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
bootkit persistence
Link:
https://tria.ge/reports/220115-kce9esddb9/
Behaviour
Writes to the Master Boot Record (MBR)
Unpacked files
SH256 hash:
e4525e11db14618785e204cb87842eb4f71a0dd3fde7508475254181daf4817c
MD5 hash:
7b1c1ce13434e6d54c42f3f9ac46d0e4
SHA1 hash:
77ebad305f9c6e0c02ac6414ec47924934624ba4
Link:
https://www.unpac.me/results/f53d44e9-8043-40ed-988e-24523631940c/
SH256 hash:
99a6b979823a1de5127de403a90d9b485e713dd74db15f0aa6ab3dda1006312b
MD5 hash:
4c516a0987c48d0830702ffe18166501
SHA1 hash:
7ab92bdd3e8d2069d2eccebd4cb40f966ab00c4f
Link:
https://www.unpac.me/results/f53d44e9-8043-40ed-988e-24523631940c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/99a6b979823a1de5127de403a90d9b485e713dd74db15f0aa6ab3dda1006312b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/219449/

Comments