MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b50733e5a47bfc0aa698a9fdc6517b5fffb8fd2942c83ce0343fdbe7fa9b29d9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Renamer

Vendor detections: 10

SHA256 hash: b50733e5a47bfc0aa698a9fdc6517b5fffb8fd2942c83ce0343fdbe7fa9b29d9
SHA3-384 hash: bd7c286db6b1558cef602adc66b2544a9e7d0a940d33cfa49b906dffed70e62a462f61794c549381425faf70a4fcf6da
SHA1 hash: e304f755c41c08184d9fb05c79a7a65b9b590699
MD5 hash: 6753b99b2b777f5f800890c1c043c1b9
humanhash: fourteen-tango-sierra-oranges
File name: MajorRevision.exe
Signature: Renamer
File size: 844'288 bytes
First seen: 2021-10-18 22:02:33 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: c00b6ba7dbbc6abee9ace3a65a49ba24 (6 x Renamer, 1 x Worm.Ramnit)
ssdeep: 12288:OwCBtLC+EptUpQ9SeSChq3YvxFBSSRMT8PTp4FhozEa888888888888W8888888J:eNzCtUpQ9WWPBSSRMTEpMNg
Threatray: 45 similar samples on MalwareBazaar
TLSH: T174055A1AB2D7143BC03706BD492752645C3B7E202A96585A5EFCBF4C0F392A33D36E96
dhash icon: 43cb899d9172f0f0 (1 x Renamer)
Reporter: AndreGironda
Tags: exe Renamer

AndreGironda
MITRE T1566.001
Date: 18 Oct 2021 00:30-01:00 -0700
Received: from benso1968.eu (103.232.53.178)
Reply-To: chonghinatakaitu56@citromail.hu
From: "Hoang Thu Dinh" <sales@benso1968.eu>
Subject: Waiting for your response
Message-ID: <20211018005004.B80AEECEA21B7334@benso1968.eu>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0012_A4FBFC79.397BB1EE"
Return-Path: sales@benso1968.eu
Attachment Name: SHIPPING-DOC.zip
Attachment SHA256: 8d551845770e04d89980c7be07cd231e3eefc1bd63b041b4f401a36e272c0171
Unzipped Executable Name: SHIPPING-DOC/55BBzC2lMpuhtSn.exe
Executable SHA256: 6e7c03c32c1b2166ef09c72da941842263b4902af026154162bf5972146f7048
Dropped LNK Name: Paint.lnk
Dropped LNK SHA256: 5db4a7fd7fe5f6f5a853c2dd51269be7ce2c876eda6c3ed6980f7d3bdf8cc307
Unpacked Renamer Executable 1 SHA256: b50733e5a47bfc0aa698a9fdc6517b5fffb8fd2942c83ce0343fdbe7fa9b29d9
Unpacked Renamer Executable 2 SHA256: 45bd7ca68c999b2a4285a3fb80344ec1e8cb25d9b9152f756219c2543f81b10e

Intelligence

File Origin
# of uploads: 1
# of downloads: 265
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Behaviour:
Creating a window
Creating a file in the %AppData% directory
Enabling the 'hidden' option for recently created files
Replacing executable files
Creating a file
Deleting a recently created file
Moving a system file
Replacing system executable files
Creating a file in the Windows directory
Replacing system files
Replacing files
Creating a file in the Windows subdirectories
Creating a file in the system32 subdirectories
Creating a file in the system32 directory
Moving a recently created file
Enabling autorun by creating a file
Infecting executable files
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug anti-vm greyware keylogger
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Gorgon Group
Verdict: Malicious

Result
Threat name: Unknown
Detection: malicious
Classification: spre
Score: 84 / 100
Signature:
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Infects executable files (exe, dll, sys, html)
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Threat name: Win32.Virus.Tapin
Status: Malicious
First seen: 2018-05-08 05:08:08 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour:
Enumerates physical storage devices
Drops file in Program Files directory
Drops file in Windows directory
Drops autorun.inf file
Drops startup file
Loads dropped DLL
Unpacked files
SHA256 hash: b50733e5a47bfc0aa698a9fdc6517b5fffb8fd2942c83ce0343fdbe7fa9b29d9
MD5 hash: 6753b99b2b777f5f800890c1c043c1b9
SHA1 hash: e304f755c41c08184d9fb05c79a7a65b9b590699
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MALWARE_Win_Renamer
Author: ditekSHen
Description: Detects Renamer/Tainp variants

File information

The table below shows additional information about this malware sample such as delivery method and external references.

8d551845770e04d89980c7be07cd231e3eefc1bd63b041b4f401a36e272c0171
Renamer
Executable exe b50733e5a47bfc0aa698a9fdc6517b5fffb8fd2942c83ce0343fdbe7fa9b29d9 (this sample)
