MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 be27934c7e49a992c57d36977b09107573dfabe80b6c90cbf2dc69dbc00c3723. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: be27934c7e49a992c57d36977b09107573dfabe80b6c90cbf2dc69dbc00c3723
SHA3-384 hash: 3d6b2bc13246526f45a53ba673dcb212e6ac3e5132a5b9779ed267d19ead7ae9e11315b90ca85dc35a034d6a70c869fd
SHA1 hash: 6f4e7581ac920e42841c48c646f13c34b3039eda
MD5 hash: 3ebd1a2b9db0e3419111ae065dce1b31
humanhash: florida-autumn-stairway-fillet
File name:3ebd1a2b9db0e3419111ae065dce1b31.exe
Download: download sample
File size:2'863'375 bytes
First seen:2022-03-19 16:59:16 UTC
Last seen:2022-03-19 18:40:28 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c0adfe1e9d3803618765228287306305 (1 x RaccoonStealer)
ssdeep 49152:2pi3KDPCxHtui8uCZOyXe9xZdizmhlMZuC3ipBpAEMclkONvcp:0inPuDZOyu9xZ+3GBpicl5Q
Threatray 536 similar samples on MalwareBazaar
TLSH T14BD523E0E754DD52D47E40B26CA4D031B6E6FCADA9D8074CD7E8A725A174932320CFBA
File icon (PE):PE icon
dhash icon 86067c3737345daf (1 x RaccoonStealer)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
263
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/252988/
Detection(s):
SecuriteInfo.com.Trojan.Siggen17.23956.8338.25199.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/62360c1ab94fb38cb4af9ff8/reports/5aa485a5-c754-49dd-9610-6024e0f10849/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Vidar
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/270c38d5-e06a-4db2-b29b-92edeaacc5a5
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/960113
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/be27934c7e49a992c57d36977b09107573dfabe80b6c90cbf2dc69dbc00c3723/
Threat name:
Win32.Trojan.Strictor
Create hunting rule
Status:
Malicious
First seen:
2022-03-19 17:00:19 UTC
File Type:
PE (Exe)
Extracted files:
59
AV detection:
19 of 27 (70.37%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
28b37d67a0ba8991fbae8ea2048f44ee06d8c3df823750e585ca0322df10ef14
47e3361c89502610abbb544c85c9ffdf46d466c45ac73452b1acff081e220f96
6ca2ebb55bbe3c9e997bd9c1865d92d09a1340894f4d65a43700c8ff82610f47
d69c376543895ab4855012d78b287d7dc85a5e3b40a972499205279d1a7c1f2f
e316a2df7796cac9a0f6dff3cfa3ae63083e6a7208e95e7458d2fcae9dbf3535
+ 526 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/220319-vh2dysecaj/
Behaviour
Drops file in System32 directory
Unpacked files
SH256 hash:
f2176c8f2f35dc3de436502c146c106e84442fe3bd3d8dc02f51da1108fe04ac
MD5 hash:
e3974bce7f3186490328dca36a78f6ff
SHA1 hash:
705f56cf751b88a07904dec005059fb9937d23ff
Link:
https://www.unpac.me/results/c09056c0-9f91-4960-8480-3687b26aa207/
SH256 hash:
be27934c7e49a992c57d36977b09107573dfabe80b6c90cbf2dc69dbc00c3723
MD5 hash:
3ebd1a2b9db0e3419111ae065dce1b31
SHA1 hash:
6f4e7581ac920e42841c48c646f13c34b3039eda
Link:
https://www.unpac.me/results/c09056c0-9f91-4960-8480-3687b26aa207/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.39
Link:
https://yomi.yoroi.company/submissions/be27934c7e49a992c57d36977b09107573dfabe80b6c90cbf2dc69dbc00c3723

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe be27934c7e49a992c57d36977b09107573dfabe80b6c90cbf2dc69dbc00c3723

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/252988/
  
URLhaus
https://urlhaus.abuse.ch/url/2086562/
  
Delivery method
Distributed via web download

Comments