MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b1a3602f2628080fa758575fba82bf62fd7de058055a9491f9eac87fda31a2e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b1a3602f2628080fa758575fba82bf62fd7de058055a9491f9eac87fda31a2e5
SHA3-384 hash: 10e65d677e10782010374d087f7c3dbea172871a2c1f5ca3c45ca17812c7fa63f2b920205b13b82b1b5d9897bfd3f7ad
SHA1 hash: f4495707807cd116416004079522c0a547e98502
MD5 hash: 3ae9906857bc75eb1d887eb627f8425b
humanhash: glucose-batman-illinois-arizona
File name:SecuriteInfo.com.Trojan.Win32.Save.a.1504.17352
Download: download sample
File size:597'504 bytes
First seen:2022-03-13 13:34:53 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b20729a9fabd3d8bd61d1064a3293bc8
ssdeep 12288:lOZgbv2R1jJ2/+EhZ+4Kvx0zrVX94/oo8Eo:+gbv2R1jJTEhshpErpmr0
Threatray 53 similar samples on MalwareBazaar
TLSH T13AD412127551C032C362A43178ADC6769B7F7830ABA5EC43776843290E31EF1ABB935B
File icon (PE):PE icon
dhash icon 4839b234e8c38890 (121 x RaccoonStealer, 54 x RedLineStealer, 51 x ArkeiStealer)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
210
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/249872/
Detection(s):
SecuriteInfo.com.Trojan.Win32.Save.a.1504.17352.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
DNS request
Rewriting of the hard drive's master boot record
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/9026/overview
Behaviour
SystemUptime
MeasuringTime
EvasionQueryPerformanceCounter
EvasionGetTickCount
CheckCmdLine
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
azorult greyware packed ransomware
Link:
https://www.filescan.io/uploads/622df30a0cd58dbd928e8639/reports/6a3944d6-8123-4b86-a3da-f5e55ab7d279/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Pitou
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/60fbb824-48cd-417f-8c91-0afb3f0de76a
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/955579
Signature
Contains functionality to infect the boot sector
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b1a3602f2628080fa758575fba82bf62fd7de058055a9491f9eac87fda31a2e5/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-03-13 13:02:52 UTC
AV detection:
19 of 42 (45.24%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
29df2cefbc041241f2c2c3782682951d252633926b3929a927648cd3b55dc64b
2b7c46cb10900dd2840380802ed77aa77c337265cd9b3fcdeaf85361dc92525c
3c6d3d8d1d1cd0e7503c141e407c2d0f13f87b5b76dac2cff033baa027033e1c
770f8cd0cae0a7525234dfc5b25f21b90090513d3f80fa06e8c22107ca8bbe01
7e95736b12f455cd096c0eff4a9dfa5b4e3c8108c55464447868ba4351e91fbb
7f7d7ad866610022b5482e175cd7e2c655666aaefb4b5038ff524e7336b86825
98030abe3b55718b6e014c5b81c7c3c602a50cf4e2004da4eeae1c0de42669f9
a09cbb1704807a612702a6fd63c2c58d096da4c99034be7fc1d92bc5ef7bfc1b
ce1ab55a70d98baf0f844e1bc21f376ff356ddb9067523f908315934c346737a
fae0a0d40cb12f14a4eeaee7171c948688bed15ec8718de8c65834023ecac97f
+ 43 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
bootkit persistence
Link:
https://tria.ge/reports/220313-qvn7yahehl/
Behaviour
Writes to the Master Boot Record (MBR)
Unpacked files
SH256 hash:
e4525e11db14618785e204cb87842eb4f71a0dd3fde7508475254181daf4817c
MD5 hash:
7b1c1ce13434e6d54c42f3f9ac46d0e4
SHA1 hash:
77ebad305f9c6e0c02ac6414ec47924934624ba4
Link:
https://www.unpac.me/results/d8ee9548-5381-4dd3-a0f1-431de02e59a7/
SH256 hash:
b1a3602f2628080fa758575fba82bf62fd7de058055a9491f9eac87fda31a2e5
MD5 hash:
3ae9906857bc75eb1d887eb627f8425b
SHA1 hash:
f4495707807cd116416004079522c0a547e98502
Link:
https://www.unpac.me/results/d8ee9548-5381-4dd3-a0f1-431de02e59a7/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/b1a3602f2628/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b1a3602f2628080fa758575fba82bf62fd7de058055a9491f9eac87fda31a2e5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe b1a3602f2628080fa758575fba82bf62fd7de058055a9491f9eac87fda31a2e5

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/249872/
  
URLhaus
https://urlhaus.abuse.ch/url/1978538/
  
Delivery method
Distributed via web download

Comments