MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b91cd447a756f6bd45a70cab76407376168692edb818319a1aadf965feea8755. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b91cd447a756f6bd45a70cab76407376168692edb818319a1aadf965feea8755
SHA3-384 hash: 8a97a078f5b9e48833a64d2afc0174d1a6bbbc72de86f894da4cd52d677e3589a89d5c2f6bc720129ce838d35da0ba5d
SHA1 hash: 0f75772a993dc45a57cddfb158ba293834857ac2
MD5 hash: 99e01c62ae10d00f376e5b265bb0308f
humanhash: mirror-lamp-two-victor
File name:99e01c62ae10d00f376e5b265bb0308f.exe
Download: download sample
File size:1'084'824 bytes
First seen:2023-06-22 10:38:53 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ab9ff6e4872ea2766a5f5c6af5649e9d (20 x CryptOne, 13 x RedLineStealer, 6 x RecordBreaker)
ssdeep 24576:VJr8tEZgHqD9CnL5ACQmVd6wfHiQPrssZ8JNALUcI:VJ4oDCVACQmHJrssZ83AfI
Threatray 147 similar samples on MalwareBazaar
TLSH T16A351201BAC1C4B1D97124351AF7D730AA3CBC706B7689DF97606B6D5E314C1A236BA3
TrID 91.0% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39)
3.6% (.EXE) Win64 Executable (generic) (10523/12/4)
1.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.5% (.EXE) Win32 Executable (generic) (4505/5/1)
0.6% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
249
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
99e01c62ae10d00f376e5b265bb0308f.exe
Verdict:
Malicious activity
Analysis date:
2023-06-22 10:44:45 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/fbe5224b-6af0-42b9-99e3-ec8d476f8468

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/401661/
Detection(s):
SecuriteInfo.com.Variant.Fugrafa.249470.10364.14457.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for synchronization primitives
Creating a window
Searching for the window
Сreating synchronization primitives
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/92117/overview
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
comodo greyware lolbin overlay packed qakbot setupapi.dll shdocvw.dll shell32.dll virus
Link:
https://www.filescan.io/uploads/649424c963e40cba6801b3a8/reports/0cdf6be2-6be4-4086-a83d-42186bf9a55f/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/b91cd447a756f6bd45a70cab76407376168692edb818319a1aadf965feea8755
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ef27f826-5831-41d1-bf86-b2b83f29b964
Result
Threat name:
n/a
Detection:
suspicious
Classification:
n/a
Score:
39 / 100
Link:
https://www.joesandbox.com/analysis/1259664
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b91cd447a756f6bd45a70cab76407376168692edb818319a1aadf965feea8755/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2023-06-22 04:41:52 UTC
File Type:
PE (Exe)
Extracted files:
20
AV detection:
17 of 24 (70.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xeonir5hk33l2rnhbsvxmqdtoylinexnxamddgq2vx4wl7xkq5kq._file
Verdict:
malicious
Similar samples:
023ba111fa8dccee3ae3eaff7cbab1927096fb47ee58e8983eb2a5241d4557d7
049c85c420d5b7b01316bd54cac073421f0f2a6d3af1dc6bf49a494bb9356c02
23ad77a2be48a81e4460c894c41a35db18308a8f85eb841f5bf7ae99265f7310
4d6a68af9d1de9ad0ed6dfdd5cbb0daa6341caa3798b26b3d2d111d06fc402ba
6bc2d4c7cf6c183e47b32a0a9f6802ef785f6d7938e452248e3f00b2b37162aa
70caeb1acf2902a83cc604e44bffed2b43c0698a5e101f12b6f1a6f9eeccc546
ac0512ae388edecb444eac7b61138650b05f1ab927277696aaecb73efd62776c
d664e5a74efe8bee93416258fe43fbaee485a4e1c585dcb3892c93359c48feca
f8ba98c4f7f9ccf0520492b17b56a57e69c7624e497fca78007766cdce05b947
+ 137 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230622-mpzjyafc3s/
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
b91cd447a756f6bd45a70cab76407376168692edb818319a1aadf965feea8755
MD5 hash:
99e01c62ae10d00f376e5b265bb0308f
SHA1 hash:
0f75772a993dc45a57cddfb158ba293834857ac2
Link:
https://www.unpac.me/results/bcb0d552-4fdb-4891-ac5d-e05ed4419345/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b91cd447a756f6bd45a70cab76407376168692edb818319a1aadf965feea8755

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe b91cd447a756f6bd45a70cab76407376168692edb818319a1aadf965feea8755

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2427357/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/401661/

Comments