MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9c7cd86de644d67f36634e5b6df6b66d015e00b57914a094cb2341030c9bd8f1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9c7cd86de644d67f36634e5b6df6b66d015e00b57914a094cb2341030c9bd8f1
SHA3-384 hash: 488e93751167e73cb0a6bba2dafdd35613d4fec38463d35a67e9ef4b00220ea3d705dc4ce8503b18668e76bc17175c08
SHA1 hash: 8861e3332e4355ec5633558ceecba69efcfa71fd
MD5 hash: c1ecabb05bd61ee76f0682d4a48143f3
humanhash: hot-ack-princess-berlin
File name:ASAPP1.exe
Download: download sample
File size:275'456 bytes
First seen:2022-01-21 01:58:00 UTC
Last seen:2022-01-21 04:10:01 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 56a78d55f3f7af51443e58e0ce2fb5f6 (728 x GuLoader, 451 x Formbook, 295 x Loki)
ssdeep 3072:MbG7N2kDmUpKuP8em2x/cFOjZBk1if/YskPJPRl1aem2Y+S/b:MbESUl89yvkEf/YskxJlE9P+2
Threatray 394 similar samples on MalwareBazaar
TLSH T1F144E12467B0C4B3C5B00A354DF767772FBBBC1566A19E0317D06A983C623D29E2E399
File icon (PE):PE icon
dhash icon b2a89c96a2cada72 (2'283 x Formbook, 981 x Loki, 803 x AgentTesla)
Reporter AndreGironda
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
228
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware1.19331.13545.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Searching for the window
DNS request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
control.exe shell32.dll
Link:
https://www.filescan.io/uploads/61ea132ed32385db631237cf/reports/e59e3965-97c1-429f-a224-c1f25314b577/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/213a77a6-4a7b-4827-be35-2e5381326c98
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/924913
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9c7cd86de644d67f36634e5b6df6b66d015e00b57914a094cb2341030c9bd8f1/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-01-21 01:58:10 UTC
File Type:
PE (Exe)
Extracted files:
5
AV detection:
14 of 28 (50.00%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
03430361a6d2fe6c89d6b237ca9b887cc6269187b305afc9ef3d8642533698c4
10eb78f5a36f8ca290bf100f6f05d7a04489cef0023e86860062d6d03e6fa9ed
2992c4b00c678a438b0b935e09e0fd341a44c46fe0dd2f18621570f55133e4df
39cd27e2d57db8bfedfc31413679e5c4cb27274a45c0acb98c0ad81905729ca5
767c546decf6f669263e4a0a87a0f5d92234e031e9a0de3733fa954a8f3e0255
819c9d8c88fc1ffbfeae1797646f7b90f930fef4dae513fe8e43fad3bf475bf0
a319ca95679f9e8a30001a66ec55403a08be8c7398916746baea02c6c6539d02
cf7daf882b7643be6a603b6fa957c1a3d286fecd2f862a1acf5674454595d625
+ 384 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence
Link:
https://tria.ge/reports/220121-cdt5zacghj/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Sets service image path in registry
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
MD5 hash:
cff85c549d536f651d4fb8387f1976f2
SHA1 hash:
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
Link:
https://www.unpac.me/results/823588cb-8625-4b67-9300-140d77316bc9/
SH256 hash:
9c7cd86de644d67f36634e5b6df6b66d015e00b57914a094cb2341030c9bd8f1
MD5 hash:
c1ecabb05bd61ee76f0682d4a48143f3
SHA1 hash:
8861e3332e4355ec5633558ceecba69efcfa71fd
Link:
https://www.unpac.me/results/823588cb-8625-4b67-9300-140d77316bc9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9c7cd86de644d67f36634e5b6df6b66d015e00b57914a094cb2341030c9bd8f1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Word file doc ab980575f1abd51f4401c6785345649318444b681eb56880028046936cecc3da

GuLoader

Executable exe e12cd78365630b9cb54314ad1b51960a03e18940bd96bfe4a62ddd7f9d135699

Executable exe 9c7cd86de644d67f36634e5b6df6b66d015e00b57914a094cb2341030c9bd8f1

(this sample)

Cape
Cape
https://capesandbox.com/analysis/221321/
  
Dropped by
SHA256 e12cd78365630b9cb54314ad1b51960a03e18940bd96bfe4a62ddd7f9d135699
  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/1994438/

Comments