MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9cbdf7f433f59f69ed01b5d6928259ad816d83c3680b8d14bbc54f2e8cd7b752. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9cbdf7f433f59f69ed01b5d6928259ad816d83c3680b8d14bbc54f2e8cd7b752
SHA3-384 hash: 8c996092d490f6251f9b6741d769cd16ce734a79ba9c845536da8980ef47f97e7ae137e84ca774d518d13a95b0b42634
SHA1 hash: ad78f990a67cf65de8a90374b67ef5a7f311e9d4
MD5 hash: 5b85133b19a6c4648325e76b92e4a4a5
humanhash: batman-johnny-green-october
File name:5b85133b19a6c4648325e76b92e4a4a5.exe
Download: download sample
File size:1'843'394 bytes
First seen:2021-07-16 18:50:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 524711ec9c5a149fe3bf3479d0b505b6 (3 x Cryptbot)
ssdeep 49152:QJlNbeA201Fshj1Xv5Zyf1GDw0NRdN3PjRXud0g2BCxpae04DH0:QJd2j1froEDbrT3Lg5CZ4DH0
Threatray 336 similar samples on MalwareBazaar
TLSH T19B85AB1EA992B065C29FB6F3351DD7440166AD9F13E0F186630CFF1ADDAC799C620326
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
104
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
5b85133b19a6c4648325e76b92e4a4a5.exe
Verdict:
Malicious activity
Analysis date:
2021-07-16 18:53:04 UTC
Tags:
stealer trojan loader
Link:
https://app.any.run/tasks/3873531c-5061-465a-b244-770c93671f9b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/172249/
Detection(s):
Win.Malware.Crypzip-9879015-0
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/5c0d6da4-858b-456c-aaf9-d6be6c70ae51
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.spyw.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/817659
Signature
Contains functionality to register a low level keyboard hook
Multi AV Scanner detection for submitted file
Obfuscated command line found
Submitted sample is a known malware sample
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 450075 Sample: DbeHGsaQPo.exe Startdate: 16/07/2021 Architecture: WINDOWS Score: 64 41 Multi AV Scanner detection for submitted file 2->41 9 DbeHGsaQPo.exe 7 2->9         started        process3 dnsIp4 33 192.168.2.1 unknown unknown 9->33 43 Contains functionality to register a low level keyboard hook 9->43 13 cmd.exe 1 9->13         started        signatures5 process6 signatures7 45 Submitted sample is a known malware sample 13->45 47 Obfuscated command line found 13->47 49 Uses ping.exe to sleep 13->49 51 Uses ping.exe to check the status of other devices and networks 13->51 16 cmd.exe 3 13->16         started        19 conhost.exe 13->19         started        process8 signatures9 37 Obfuscated command line found 16->37 39 Uses ping.exe to sleep 16->39 21 PING.EXE 1 16->21         started        24 Sospettoso.exe.com 16->24         started        26 findstr.exe 1 16->26         started        process10 dnsIp11 31 127.0.0.1 unknown unknown 21->31 28 Sospettoso.exe.com 24->28         started        process12 dnsIp13 35 aVycbdOVyVAaeP.aVycbdOVyVAaeP 28->35
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9cbdf7f433f59f69ed01b5d6928259ad816d83c3680b8d14bbc54f2e8cd7b752/
Threat name:
Win32.Trojan.Graftor
Create hunting rule
Status:
Malicious
First seen:
2021-07-16 18:51:05 UTC
AV detection:
10 of 28 (35.71%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
54f791796231f7899d753f0ba44e7387bf7748dc7a28adbd28f2067c9ab88605
705b09578c6785adb9c29b9d9e5c57fe8c3892ec6cc0a04b099d205a1794aaf7
719cf0c9eba47af19500753dc4213f551efdc09f13e2c71ef0e39b08a7aca888
7e19416205cfb8e056d4628bdeb635e29cefba04fcb21ee55e7b0077427e4c99
949b755ce7ba4afeffe8c261141b77bca5f443761aa062936141ed94b737e848
af8df57ba3941ed8fa89543e4e98f2da5dfe7a0efaaa72aaca4c54ea9f5ccc58
+ 326 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery spyware stealer
Link:
https://tria.ge/reports/210716-qh3srtk4fe/
Behaviour
Checks processor information in registry
Modifies registry class
Runs ping.exe
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Program Files directory
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up external IP address via web service
Drops startup file
Loads dropped DLL
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Downloads MZ/PE file
Executes dropped EXE
Unpacked files
SH256 hash:
65e8254a186451acf0d77122aff2a9c1e03d26d0169a8b91de00c2aa62e4a4fb
MD5 hash:
22a2f6fad2ee2b07a157bac178d58b91
SHA1 hash:
147cabf6c396c54d1e5f34315f6bc0a9417d23fd
Link:
https://www.unpac.me/results/e004133e-1c62-462a-925a-cd130c148c15/
SH256 hash:
9cbdf7f433f59f69ed01b5d6928259ad816d83c3680b8d14bbc54f2e8cd7b752
MD5 hash:
5b85133b19a6c4648325e76b92e4a4a5
SHA1 hash:
ad78f990a67cf65de8a90374b67ef5a7f311e9d4
Link:
https://www.unpac.me/results/e004133e-1c62-462a-925a-cd130c148c15/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9cbdf7f433f59f69ed01b5d6928259ad816d83c3680b8d14bbc54f2e8cd7b752

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 9cbdf7f433f59f69ed01b5d6928259ad816d83c3680b8d14bbc54f2e8cd7b752

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1393651/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/172249/

Comments