MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b4c2ff718a6f5c872387c54960848ea4798b78ac9ea50928106cf66a4bdffeb1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	b4c2ff718a6f5c872387c54960848ea4798b78ac9ea50928106cf66a4bdffeb1
SHA3-384 hash:	2c52a75125d9c593efcd52a3a8bb5b2b3c7e40c3d097f224e7380c22f1247cb3e75429cddf0288aa334c87f360232976
SHA1 hash:	773df36ff48e83e0d380c4419ac82a40c37ef53e
MD5 hash:	f3e4d4a85c7512f0da99af2d9a90eacd
humanhash:	single-undress-eighteen-eight
File name:	file
Download:	download sample
File size:	1'629'312 bytes
First seen:	2023-06-29 13:12:44 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	fa8d20faea9ef7b4e2b7fbfe93442593 (17 x RedLineStealer, 4 x CoinMiner, 3 x AgentTesla)
ssdeep	24576:qDkUNi1slEkAEuf1jqlbA/72612YME8Mvox0kxBflP5BW2zywKvQZoL1PmfeR6:qDkUjjAEutjqox1z2O2jk2mfv6ImfG6
Threatray	40 similar samples on MalwareBazaar
TLSH	T153752221BAC08470E9B718351AE4A372BB3DBD315F768AC757503A6E8F301E09936767
TrID	91.0% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39) 3.6% (.EXE) Win64 Executable (generic) (10523/12/4) 1.7% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.5% (.EXE) Win32 Executable (generic) (4505/5/1) 0.6% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):
dhash icon	9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter	jstrosch
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

295

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

file

Verdict:

Suspicious activity

Analysis date:

2023-06-29 13:17:26 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/96c332ce-fd23-439b-b725-287688824e00

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/403779/

Detection(s):

SecuriteInfo.com.Trojan.Uztuby.4.19274.32072.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Searching for the window

Сreating synchronization primitives

Searching for synchronization primitives

Creating a file in the %temp% directory

Launching a process

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/94131/overview

Behaviour

MalwareBazaar

MeasuringTime

EvasionQueryPerformanceCounter

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware lolbin overlay packed replace setupapi shdocvw shell32

Link:

https://www.filescan.io/uploads/649d836010925f175affa350/reports/ee8f30d3-a1ff-47a7-9504-1a53935c09df/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/b4c2ff718a6f5c872387c54960848ea4798b78ac9ea50928106cf66a4bdffeb1

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/555a567b-e6ff-489d-a346-305ba565b5d5

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/1263291

Signature

Multi AV Scanner detection for submitted file

Tries to detect sandboxes / dynamic malware analysis system (file name check)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b4c2ff718a6f5c872387c54960848ea4798b78ac9ea50928106cf66a4bdffeb1/

Threat name:

Win32.Trojan.Uztuby

Status:

Malicious

First seen:

2023-06-29 13:13:07 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

15 of 37 (40.54%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=wtbp64mkn5oioi4hyvewbbeour4yw6fmt2sqskaqnt3gus6772yq._file

Verdict:

malicious

35bcfd69dcfa8a03e82c1141d1138e26a2779527ec631d6d5c2f66a217548e05

427b5d1b32a8e17b94097a085094afcf86e857dcc8db0fd0b4bf7c50e6f3f349

8f54b40666425ce85b4ff251e6e9b6d1942a069968b1b00935455c05b402c33d

963d62811b21dd7a9716c812303db3c717d5287e9b8fe0266084de98649de6b4

9caad784222d3fb486822446983ef20eb408845146c9bf954bf2e185fb4e35d1

c8b7fc073f9b19aa83d4e2ad4945a6de2e82cf7bce58c41e38c804c61fe92eca

d2f62e6ebaaa21277f79cb82709adfb5c7f8a870eec123188dc54bcda2b95c42

+ 30 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/230629-qf3f1sdb23/

Behaviour

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Checks computer location settings

Loads dropped DLL

Unpacked files

SH256 hash:

b4c2ff718a6f5c872387c54960848ea4798b78ac9ea50928106cf66a4bdffeb1

MD5 hash:

f3e4d4a85c7512f0da99af2d9a90eacd

SHA1 hash:

773df36ff48e83e0d380c4419ac82a40c37ef53e

Link:

https://www.unpac.me/results/5aa8d6aa-f606-4bd4-9617-438f80d54473/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/b4c2ff718a6f5c872387c54960848ea4798b78ac9ea50928106cf66a4bdffeb1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe b4c2ff718a6f5c872387c54960848ea4798b78ac9ea50928106cf66a4bdffeb1

(this sample)

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/2673593/

Cape

https://www.capesandbox.com/analysis/403779/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample