MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9c03f4b772b9593a0e3b4a596216fa032474f54caf1714c26ad241534732351f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Retefe

Vendor detections: 10



SHA256 hash: 9c03f4b772b9593a0e3b4a596216fa032474f54caf1714c26ad241534732351f
SHA3-384 hash: 25f8b64fae7ac73fef72a2f5a0cac0aea015a95b1e30a83557b3d9413ecacd753ff811b27a6774549bd320cb9ef956fd
SHA1 hash: b47c2bcb62480e3eac5d20262f50727906ad6d22
MD5 hash: e412b9ccba9b2ce735edc48887163060
humanhash: lactose-papa-may-william
File name: b47c2bcb62480e3eac5d20262f50727906ad6d22.bin
Signature: Retefe
File size: 182'784 bytes
First seen: 2022-01-24 14:53:15 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f5163a20d8d90845fe659e29faa531f9 (1 x Retefe)
ssdeep: 3072:/DH+PMqmZvtxkaI1wVeU4OYyn5sW9/SdhooPLB3jP0TUeyFn/jI+uAKV+xEZ:7ZRZqCc4n5oduSp4wes/MAjaZ
TLSH: T17E04BF5138C1C071E577183198B4CAB0A97EFD208F759EEB2398366E2F701D16A36DA7
dhash icon: 239eb2eae2f2d225 (1 x Retefe)
Reporter: evandrix
Tags: exe Retefe

Intelligence

File Origin
# of uploads: 1
# of downloads: 642
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: b47c2bcb62480e3eac5d20262f50727906ad6d22.bin
Verdict: No threats detected
Analysis date: 2022-01-24 14:54:03 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:

Behaviour
Creating synchronization primitives
Using the Windows Management Instrumentation requests
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Searching for the window
DNS request

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: emotet graftor greyware packed strictor wscript.exe
Result
Verdict: MALICIOUS

Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name:
Detection: malicious
Classification: bank
Score: 68 / 100

Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Retefe
Threat name: Win32.Trojan.Graftor
Status: Malicious
First seen: 2017-11-02 17:11:59 UTC
File Type: PE (Exe)
Extracted files: 3
AV detection: 29 of 43 (67.44%)
Threat level: 5/5
Verdict: malicious

Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Download via BitsAdmin
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Blocklisted process makes network request
Malware Config
Dropper Extraction: https://chocolatey.org/7za.exe
Unpacked files
SHA256 hash: 9c03f4b772b9593a0e3b4a596216fa032474f54caf1714c26ad241534732351f
MD5 hash: e412b9ccba9b2ce735edc48887163060
SHA1 hash: b47c2bcb62480e3eac5d20262f50727906ad6d22
Detections: win_retefe_g1
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Retefe
File type: Executable exe
SHA256 hash: 9c03f4b772b9593a0e3b4a596216fa032474f54caf1714c26ad241534732351f (this sample)

Delivery method: Distributed via web download
