MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 be1f5c60874f279ab47b00da58c3b634edb4819a33652938281a799f3cd4e256. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: be1f5c60874f279ab47b00da58c3b634edb4819a33652938281a799f3cd4e256
SHA3-384 hash: 2daa1257be998a09d14f8f1ce8089154ac71a93427e75baf8afa524b26fae4c38b4e7dbb4059f82907259007ec22d75f
SHA1 hash: 24f66ae7371fa2d4c67f76848da25168b934f4ae
MD5 hash: 812cd26db86b9d45f3f279655a07be22
humanhash: uranus-aspen-angel-mexico
File name:file
Download: download sample
File size:7'226'880 bytes
First seen:2022-11-13 16:06:09 UTC
Last seen:2022-11-13 17:48:30 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f7505b4601b1ffe0bfd3596cbecb05d7 (1 x RaccoonStealer)
ssdeep 196608:csthHJVjdE4F0OrUz8IeoMnrWeH+KIS9y:c+HJjF0Og/M9HFI
Threatray 166 similar samples on MalwareBazaar
TLSH T1837623B3D3265181E7C149328D3BBED871B60FEA8B4EEC75569A38C131331A5E211B97
TrID 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon f09284d0d0b48af0 (1 x RaccoonStealer)
Reporter jstrosch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
161
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
http://88.99.120.225/
Verdict:
Malicious activity
Analysis date:
2022-11-13 09:08:06 UTC
Tags:
loader redline evasion stealer tofsee
Link:
https://app.any.run/tasks/466c8076-ffe8-4dfe-81ec-c7f5a4c8972f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/333334/
Detection(s):
SecuriteInfo.com.Variant.Ser.Lazy.2084.9400.14046.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/52057/overview
Behaviour
MalwareBazaar
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed shell32.dll
Link:
https://www.filescan.io/uploads/6371162820a0b4943a8f3c6c/reports/c757f689-e2aa-4271-9f31-8d6464200bcf/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/7b21086a-6839-441e-ad80-a563e11be405
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1112319
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Tries to detect virtualization through RDTSC time measurements
Uses schtasks.exe or at.exe to add and modify task schedules
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 745014 Sample: file.exe Startdate: 13/11/2022 Architecture: WINDOWS Score: 64 28 Multi AV Scanner detection for submitted file 2->28 30 Machine Learning detection for sample 2->30 7 file.exe 13 2->7         started        10 IntelGAS-Ver6.7.3.2.exe 1 2->10         started        process3 signatures4 32 Overwrites code with unconditional jumps - possibly settings hooks in foreign process 7->32 34 Uses schtasks.exe or at.exe to add and modify task schedules 7->34 36 Tries to detect virtualization through RDTSC time measurements 7->36 12 icacls.exe 1 7->12         started        14 icacls.exe 1 7->14         started        16 schtasks.exe 1 7->16         started        18 icacls.exe 1 7->18         started        process5 process6 20 conhost.exe 12->20         started        22 conhost.exe 14->22         started        24 conhost.exe 16->24         started        26 conhost.exe 18->26         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/be1f5c60874f279ab47b00da58c3b634edb4819a33652938281a799f3cd4e256/
Threat name:
Win32.Trojan.Lazy
Create hunting rule
Status:
Malicious
First seen:
2022-11-13 08:43:08 UTC
File Type:
PE (Exe)
Extracted files:
19
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xypvyyehj4tzvnd3adnfrq5wgtw3jam2gnsssobidj4z6pgu4jla._file
Verdict:
malicious
Similar samples:
1e5c7dcfbe4a1e9da06229b4512229c463b0268832b9cb6cdb35a1153963be37
37af8d63e8e5adb5a5f30b471fe4e29f686c7923507583a21f46d3b2eb554f09
4e73230986aab0ad40dbd475ca56fe0f207ff5d935f766a46cd4675e6bc27229
6d56fef8303cf1e45a9cab5964a82c9264d902c5ba7c8480613f2357db61f0b0
d72645347b3fa6134cc416b6b9d73eec9d4ef2af4dbf26c6b91da795144c394c
e134f20c16c2d118f95738897fc6c8f3be4ec46563ad7e1c243c3d7595a0ea68
e92b4f323c469808f029e3d970b30684c4a23d652fa1c7da324e14cbd6d04709
+ 156 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery
Link:
https://tria.ge/reports/221113-tkm4nsbf63/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Program crash
Modifies file permissions
Verdict:
Informative
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/bf5c79dc-d0ed-4f1b-94ef-fe95c7a22db4
Unpacked files
SH256 hash:
24b9ddd5e9a8d21f09b8c6b526a47b63ba51a4c24aa8da551cbd2e642fbf9c22
MD5 hash:
5de417e4860c36035ee98620125be18d
SHA1 hash:
f8dc216e02f7d64baae0c444ccfd0546b3ffc8bf
Link:
https://www.unpac.me/results/008ba6b6-006a-451b-a91a-837c9e75f75a/
SH256 hash:
be1f5c60874f279ab47b00da58c3b634edb4819a33652938281a799f3cd4e256
MD5 hash:
812cd26db86b9d45f3f279655a07be22
SHA1 hash:
24f66ae7371fa2d4c67f76848da25168b934f4ae
Link:
https://www.unpac.me/results/008ba6b6-006a-451b-a91a-837c9e75f75a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/be1f5c60874f279ab47b00da58c3b634edb4819a33652938281a799f3cd4e256

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe be1f5c60874f279ab47b00da58c3b634edb4819a33652938281a799f3cd4e256

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2381532/
Cape
Cape
https://www.capesandbox.com/analysis/333334/

Comments