MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9c748a69c48b79e6422b3bea1766e415de5532cb7ba2b9673d5a51163e6c1df2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Jigsaw


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9c748a69c48b79e6422b3bea1766e415de5532cb7ba2b9673d5a51163e6c1df2
SHA3-384 hash: 335439723f8f40b499627ff47871a9f6d8d2c47aee4c62b5934dd9cdb5c47e25e6887db037975f59da485789d2243bb3
SHA1 hash: b1055faf8ac2c14ce5c45f1954c45f7ab6a986eb
MD5 hash: 3dcd284892131ed336b5801c7993d3ed
humanhash: tennessee-east-lake-nitrogen
File name:3dcd284892131ed336b5801c7993d3ed.exe
Download: download sample
Signature Jigsaw
Create hunting rule
File size:1'929'216 bytes
First seen:2021-01-13 06:08:26 UTC
Last seen:2021-01-13 08:00:56 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9dd8c0ff4fc84287e5b766563240f983 (3 x HawkEye, 2 x Jigsaw, 2 x njrat)
ssdeep 49152:WntTXtFLGCI5rvuvIZTObegCFBNJ3M+eUkcln82x:W9tFLGC4rWvIZTObRCnHbRVO2x
Threatray 243 similar samples on MalwareBazaar
TLSH F99523107550C1B2E5B6443884F68F7F6A293A614B6995E7B2DD07BE2F213E0B2772CC
Reporter abuse_ch
Tags:exe Jigsaw

Intelligence

File Origin
# of uploads :
2
# of downloads :
1'802
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
3dcd284892131ed336b5801c7993d3ed.exe
Verdict:
No threats detected
Analysis date:
2021-01-13 06:57:26 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/e21924fe-5c9b-458e-9a63-b22bd322d064

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/111672/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.45441895.26349.32663.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/579746
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9c748a69c48b79e6422b3bea1766e415de5532cb7ba2b9673d5a51163e6c1df2/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-12-28 12:22:57 UTC
AV detection:
9 of 29 (31.03%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tr2iu2oern46mqrlhpvbozxecxpfkmwlporlszz5ljirmptmdxza._file
Verdict:
malicious
Similar samples:
0874efe680cfb9ab53997e6f4b5e1159d1d4d51f485a6845fc90cd03d10ca29f
Jigsaw
134e51b800db1c1a5696a4624bc1693fab9019e81ea0a43af7067e00f6cd5b67
Jigsaw
3e65f5a5983ed021643425c83b8ffc1f324402a3acd38bf6625658218a690fa0
Jigsaw
42c192c4d0c4867218e35386408bb626bf7f812e503bda366a1adb2f7ecd79db
Jigsaw
4a8a8d8faabf6613961d6317ab29f33a81a47fbce80e288970fe96e1f67246a6
Jigsaw
52f1036c20ed23f457be56d231119ad5471564e4095ffd0cc9d614fa89ef9356
Jigsaw
65b904f1a835b7b95e8644177287c03b1eae3a75432dd397347c7416be0ce253
Jigsaw
934ccb45d0e7f922e94cdb4a03152adf1b050b9575bf0790fecb0a4b3c68540b
Jigsaw
c1dad248279062c4c79245226d28fe8565bad5d652b0dae10ed81b310581e73d
Jigsaw
fcfc827205cd38cdf997f72b1d58eba51ac12da6ba5939279b626522b11fd938
Jigsaw
+ 233 additional samples on MalwareBazaar
Result
Malware family:
xmrig
Create hunting rule
Score:
  10/10
Tags:
family:xmrig miner persistence ransomware spyware
Link:
https://tria.ge/reports/210113-qmgklkv3dn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Drops file in Windows directory
Drops file in System32 directory
Sets desktop wallpaper using registry
Adds Run key to start application
Looks up external IP address via web service
Drops desktop.ini file(s)
Deletes itself
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Modifies extensions of user files
xmrig
Unpacked files
SH256 hash:
9c748a69c48b79e6422b3bea1766e415de5532cb7ba2b9673d5a51163e6c1df2
MD5 hash:
3dcd284892131ed336b5801c7993d3ed
SHA1 hash:
b1055faf8ac2c14ce5c45f1954c45f7ab6a986eb
Link:
https://www.unpac.me/results/efba514c-9075-45bc-9389-74a7f5e97c67/
SH256 hash:
cee078608b4a2e286a997c38878c0519ffe5e59ffdffb01fd3190437851b082b
MD5 hash:
73010db80e641750252732ea99e59f09
SHA1 hash:
a0b2243860a30581a53cdcaea5548a8737e8a528
Link:
https://www.unpac.me/results/efba514c-9075-45bc-9389-74a7f5e97c67/
SH256 hash:
75e53555f75b846a7234455324d64b41e86c83bb45276b7f1050f0451d88bc34
MD5 hash:
adbc426a36741a09d6aa5e6406e39966
SHA1 hash:
e864046ac36b27a699b733522c3a4777f7033b03
Link:
https://www.unpac.me/results/efba514c-9075-45bc-9389-74a7f5e97c67/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Filecoder
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9c748a69c48b79e6422b3bea1766e415de5532cb7ba2b9673d5a51163e6c1df2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/111672/

Comments