MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9bc2d0370517160aa6399f441cd1c46705da57122527930b3e3e7ea08c8e0875. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA 2 File information Comments

SHA256 hash:	9bc2d0370517160aa6399f441cd1c46705da57122527930b3e3e7ea08c8e0875
SHA3-384 hash:	b2c8761ed33956750df1ea397444d2e3417ef471a5a2029666fa692e7ac08d42f8fd7b90a844ce390e8a52c743589c4e
SHA1 hash:	15b3f25d8a50974fffee4f30652f66618dce0418
MD5 hash:	d6b20152c487f9c1680a9cb7fd771b76
humanhash:	pizza-colorado-ack-october
File name:	d6b20152c487f9c1680a9cb7fd771b76.exe
Download:	download sample
File size:	1'643'152 bytes
First seen:	2022-11-21 09:04:56 UTC
Last seen:	2022-11-21 10:41:27 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f5d63bd69da4ea401b6e8cb6b0ace3a1
ssdeep	24576:PLeAXpXwdY7ErGTBJdeBbc5HjbuTwE9SR7XFCRqcSs4UOEyy+lfcR:pv0Bbc5HEwnRASs4U7P+lI
Threatray	2 similar samples on MalwareBazaar
TLSH	T1D5758E213E45C07AD66221B08D3DE7AA09ECBF200F7165CB539C1A7D5E705D2AB35B2B
TrID	88.3% (.CPL) Windows Control Panel Item (generic) (197083/11/60) 4.7% (.EXE) Win64 Executable (generic) (10523/12/4) 2.2% (.EXE) Win16 NE executable (generic) (5038/12/1) 2.0% (.EXE) Win32 Executable (generic) (4505/5/1) 0.9% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter	abuse_ch
Tags:	exe signed

Code Signing Certificate

Organisation:	上海诺韦网络科技有限公司
Issuer:	DigiCert Assured ID Code Signing CA-1
Algorithm:	sha1WithRSAEncryption
Valid from:	2019-10-23T00:00:00Z
Valid to:	2020-10-26T12:00:00Z
Serial number:	051faec8af10897e57ec9bf105b61f5b
Thumbprint Algorithm:	SHA256
Thumbprint:	53971382abbe93c1389dae4a41259efc6ea50b3c7d81ab59f5efd9ce87b922b2
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

165

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

pcrat

ID:

File name:

virus.zip

Verdict:

Malicious activity

Analysis date:

2022-11-21 06:38:36 UTC

Tags:

trojan rat pcrat gh0st

Link:

https://app.any.run/tasks/79a97978-f43c-4b34-a562-db8d5c254dd7

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/336639/

Detection(s):

ditekSHen.MALWARE.Win.Ransomware.STOP.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a custom TCP request

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

80%

Tags:

anti-vm fingerprint greyware keylogger overlay packed shell32.dll

Link:

https://www.filescan.io/uploads/637b3f46883647d07fb65ab9/reports/4f67d55b-2ece-46e4-85db-68d5d547c245/overview

Result

Verdict:

SUSPICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/b0029ed0-fb39-49e3-a3b2-c0c127286211

Result

Threat name:

Unknown

Detection:

suspicious

Classification:

evad

Score:

39 / 100

Link:

https://www.joesandbox.com/analysis/1117994

Signature

Contains functionality to compare user and computer (likely to detect sandboxes)

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/9bc2d0370517160aa6399f441cd1c46705da57122527930b3e3e7ea08c8e0875/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=tpbnanyfc4lavjrzt5cbzuoem4c5uvyseutzgcz6hz7kbdeobb2q._file

Verdict:

unknown

86ba5195ceef7562b3baf057bdbcd40123fa5fea2cb4c95dc50ffdedfbe088c4

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/221121-k17nksga5v/

Verdict:

Informative

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/66fbc954-31c0-4852-afdf-203d5e7f192a

Unpacked files

SH256 hash:

9bc2d0370517160aa6399f441cd1c46705da57122527930b3e3e7ea08c8e0875

MD5 hash:

d6b20152c487f9c1680a9cb7fd771b76

SHA1 hash:

15b3f25d8a50974fffee4f30652f66618dce0418

Link:

https://www.unpac.me/results/5aca0d56-bb3b-42b2-ba7e-c44e24841a31/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.99

Link:

https://yomi.yoroi.company/submissions/9bc2d0370517160aa6399f441cd1c46705da57122527930b3e3e7ea08c8e0875

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	pdb_YARAify Create hunting rule
Author:	@wowabiy314
Description:	PDB

Rule name:	QbotStuff Create hunting rule
Author:	anonymous

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 9bc2d0370517160aa6399f441cd1c46705da57122527930b3e3e7ea08c8e0875

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2428363/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/336639/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample