MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aafbab0ec0322b2d2666da6c8d07715a5f280508ea754823c21c9a3fc4ad6a0b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aafbab0ec0322b2d2666da6c8d07715a5f280508ea754823c21c9a3fc4ad6a0b
SHA3-384 hash: d3451cb480cc3c388c0a0208639d57cbf021dd5ef946be9a3bc5affba6f5a480ecfcbeee12adc3e5b4bc9e3cc1570669
SHA1 hash: 3890fd512e84d08dae37a797960ec591c6bb1dc7
MD5 hash: acbe2f4053b6d12c5aec92ca430855cd
humanhash: ack-grey-missouri-kitten
File name:acbe2f4053b6d12c5aec92ca430855cd.exe
Download: download sample
File size:3'375'616 bytes
First seen:2023-04-09 07:40:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e2a1dda429836d1f005b3998fe7fca36
ssdeep 49152:YWVXbINt5SWfTTVU9kCVERlyaj8zvGVaLzrX/U5kaSaA4K9Ukqs7kpPxKnHasKIU:TyvLS9ZWBozfnE5SWPxKn3Dbk
Threatray 13 similar samples on MalwareBazaar
TLSH T1B4F533951CD860F0F2A34834AA5292CF62B3939DACC59C3D7985BE067CE2E5B705E437
TrID 56.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
11.8% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
9.0% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.1% (.EXE) Win32 Executable (generic) (4505/5/1)
3.7% (.ICL) Windows Icons Library (generic) (2059/9)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
310
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
raccoon
Create hunting rule
ID:
1
File name:
https://www.mediafire.com/file/rib5ruzn2oo7dno/ver2.7_2023.rar/file
Verdict:
Malicious activity
Analysis date:
2023-04-08 21:13:05 UTC
Tags:
raccoon recordbreaker trojan loader stealer
Link:
https://app.any.run/tasks/bc429302-505b-4954-88ae-420889946fa5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/381090/
Detection(s):
SecuriteInfo.com.Trojan.Heur.RP.oFW@b01UMgli.9114.30814.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file
Sending a custom TCP request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed xpack
Link:
https://www.filescan.io/uploads/64326c1367206e6b681d6e4c/reports/854d9e76-02c9-47a1-b6d4-090affde7378/overview
Verdict:
Malicious
Labled as:
Trojan.RP.Generic
Link:
https://www.hybrid-analysis.com/sample/aafbab0ec0322b2d2666da6c8d07715a5f280508ea754823c21c9a3fc4ad6a0b
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/172ad2b8-588b-4eee-baeb-a4df543a8df2
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/1210842
Signature
Antivirus detection for dropped file
Creates autostart registry keys with suspicious names
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file contains section with special chars
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/aafbab0ec0322b2d2666da6c8d07715a5f280508ea754823c21c9a3fc4ad6a0b/
Threat name:
Win32.Trojan.Fragtor
Create hunting rule
Status:
Malicious
First seen:
2023-04-09 00:29:58 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
14 of 24 (58.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vl52wdwagivs2jtg3jwi2b3rljpsqbii5j2uqi6cdsnd7rfnnifq._file
Verdict:
unknown
Similar samples:
1214aac3d5f5bdcc072deccd20cf0c07dc4c3ea08865365281a2473be624ee37
585e690019421f6c49788efb03557062d871fb8a01a3bff5f1c20bd8227b19fb
6ce07f9854b3d9f983265569f34a640a9f274c1bfd30fcba4b6bb64c957ecc54
701bb7d545df1a98de90d0a414a90c7f09538fe02f32e8ffc4c6312aab8349c5
71084f920ae924a807346f506c6b352503c7143c355c33b1b1d3fda96e07522a
75ce329091d54aa2fcf6cd6f58704493e0f4ac878279c49db239140051341931
80e81d5862eeb8f64349e953e74d0ceef0d5a691dfdbf5d9301b9e6d7cc84635
8cd6c87a4d6f1e137838ccc3fc75bb90fe86aed076e39c9d987ef20d85b7efd2
c54b9980a859aea2ef629b529325305f78efa8e59bd70cea2a3ce811d8ea8ff6
cf4cf0f064bbd1115fdee0971c7ffc9a474984eeda8107040589b425ae1a6605
+ 3 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
persistence
Link:
https://tria.ge/reports/230409-jh4zashh93/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Adds Run key to start application
Executes dropped EXE
Loads dropped DLL
Unpacked files
SH256 hash:
dfaf132d2956d02ea565d8c92aa40850ff47070cdb31859b690df79b37112a7e
MD5 hash:
b54b9ee1d77c58cb8281aec2f5bf6280
SHA1 hash:
6ae86fbf07e6aa24b0cded86f85d3bc403b5c741
Link:
https://www.unpac.me/results/72058ce6-bc38-44fc-aa44-26248732e409/
SH256 hash:
aafbab0ec0322b2d2666da6c8d07715a5f280508ea754823c21c9a3fc4ad6a0b
MD5 hash:
acbe2f4053b6d12c5aec92ca430855cd
SHA1 hash:
3890fd512e84d08dae37a797960ec591c6bb1dc7
Link:
https://www.unpac.me/results/72058ce6-bc38-44fc-aa44-26248732e409/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.31
Link:
https://yomi.yoroi.company/submissions/aafbab0ec0322b2d2666da6c8d07715a5f280508ea754823c21c9a3fc4ad6a0b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe aafbab0ec0322b2d2666da6c8d07715a5f280508ea754823c21c9a3fc4ad6a0b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2580611/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/381090/

Comments