MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 acaed16a37962b29231a2b0842b616000656a12ff66ce41830ca855a207fc5dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gh0stCringe


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: acaed16a37962b29231a2b0842b616000656a12ff66ce41830ca855a207fc5dc
SHA3-384 hash: 53d786204694f7728e9c796c5f1b17c2756e7521a07e68fdfbbfa6f55c48da9b2c51b2bb6984d1ef81a11396dea23a94
SHA1 hash: cf6ff0ee7850f490c00c617d8c169c9c754b315a
MD5 hash: 25741ac45ffe74f8c4817b28500fa48d
humanhash: bravo-wisconsin-red-india
File name:25741ac45ffe74f8c4817b28500fa48d
Download: download sample
Signature Gh0stCringe
Create hunting rule
File size:63'488 bytes
First seen:2021-08-01 16:32:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d9c7208ff3022bb34870c7ddeb406eb1 (5 x Gh0stCringe, 1 x Ramnit, 1 x Gh0stRAT)
ssdeep 768:jbz3IhpglwpDEq2m0j6Tf8V4Ie7ZZa3R1fb961vNPrl7EJnCJ0uWN:n4+wpDElm2IAUZZo1fbs1RVEZCJ09
Threatray 7 similar samples on MalwareBazaar
TLSH T11653070DE69EF0E3FB517530260E6A328EBDB82C853C951F2E56694D1CF5780A4AD332
Reporter zbetcheckin
Tags:32 exe Gh0stCringe

Intelligence

File Origin
# of uploads :
1
# of downloads :
672
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
25741ac45ffe74f8c4817b28500fa48d
Verdict:
No threats detected
Analysis date:
2021-08-01 16:40:19 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/325a29d4-1158-4083-943f-b28778044d5a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/175579/
Detection(s):
Win.Trojan.Mikey-9769164-0
Create hunting rule

Win.Malware.Farfli-9832713-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
Creating a process from a recently created file
Creating a window
Connection attempt
Sending a UDP request
Creating a file in the Windows subdirectories
Creating a service
Launching a service
Enabling autorun for a service
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/8abeebf8-a2e8-442f-9fbd-344590681611
Result
Threat name:
Gh0stCringe
Create hunting rule
Detection:
malicious
Classification:
bank.troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/825134
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Changes security center settings (notifications, updates, antivirus, firewall)
Checks if browser processes are running
Contains functionality to detect sleep reduction / modifications
Creates a Windows Service pointing to an executable in C:\Windows
Drops executables to the windows directory (C:\Windows) and starts them
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Gh0stCringe
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/acaed16a37962b29231a2b0842b616000656a12ff66ce41830ca855a207fc5dc/
Threat name:
Win32.Trojan.Multiverze
Create hunting rule
Status:
Malicious
First seen:
2021-08-01 16:33:06 UTC
AV detection:
35 of 46 (76.09%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vsxnc2rxsyvssiy2fmeefnqwaadfnijp6zwoigbqzkcvuid7yxoa._file
Verdict:
malicious
Similar samples:
31d5bcd2e4ecd330a56fbef1826e7201532311c9a57ee44352a746ea8271a778
Gh0stCringe
3eabf4e909e889bfcb994a36d041ced30c30a377a6a0d6057eda4b8f35f4ca0e
Gh0stCringe
4bb4435958fa48762b34905fc5ac50c78878eccb33252f72cb037d664cb60fc9
Gh0stCringe
727bc43e3d9cdf3e79c2232cf3f647bdf94ad2012c31403434c17e5bbeb3c339
Gh0stCringe
a578e71d04eae80004ab431497c95fb9779a95dc7f0c60996c24c1cb7139745d
Gh0stCringe
c973c31f8af3d15abb5963e2764f534e5263828320e9c15e57c953392c32ce65
Gh0stCringe
d3501787751324e615bd13ed80417360fbd7558385662ac34c51b34802f9b9d4
Gh0stCringe
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/210801-azmfxr74h6/
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
Sets DLL path for service in the registry
Unpacked files
SH256 hash:
acaed16a37962b29231a2b0842b616000656a12ff66ce41830ca855a207fc5dc
MD5 hash:
25741ac45ffe74f8c4817b28500fa48d
SHA1 hash:
cf6ff0ee7850f490c00c617d8c169c9c754b315a
Link:
https://www.unpac.me/results/45797030-ecda-424f-a78f-1ebeece70159/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/acaed16a3796/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/acaed16a37962b29231a2b0842b616000656a12ff66ce41830ca855a207fc5dc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gh0stCringe

Executable exe acaed16a37962b29231a2b0842b616000656a12ff66ce41830ca855a207fc5dc

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1497948/
Cape
Cape
https://www.capesandbox.com/analysis/175579/

Comments


Avatar
zbet commented on 2021-08-01 16:32:49 UTC

url : hxxp://45.137.182.242/helk.exe