MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bfbe18d15b02ca49b998ced257354495d126513f86e26b8ad6dbe1db9cd568bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	bfbe18d15b02ca49b998ced257354495d126513f86e26b8ad6dbe1db9cd568bf
SHA3-384 hash:	ba58836111e5d3a000ef2f9348716606790142b6f692c3b7117f107c90e4c626b13b145d4b0487ede1dc34c04ff8210b
SHA1 hash:	6e557d2b6ff012df376a05e257c7de934660637a
MD5 hash:	daeac8364a922b573716b3547862d80a
humanhash:	batman-missouri-burger-oven
File name:	daeac8364a922b573716b3547862d80a.exe
Download:	download sample
Signature	CryptOne Alert Create hunting rule
File size:	1'818'217 bytes
First seen:	2023-07-05 06:21:51 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	0ae9e38912ff6bd742a1b9e5c003576a (10 x DCRat, 7 x RedLineStealer, 4 x AsyncRAT)
ssdeep	24576:F/rPkVdKtQBoZUApMttPdQuSsyL2iCONW3P3iPo7Q9v2B3usCn8F1jDnFRTLJZNm:PaqbGtAJKeNWP3X82B+3na1jDzTL7+t
Threatray	34 similar samples on MalwareBazaar
TLSH	T12B852301B9C09AB2D5732C731A788B25B67D7C201FB2D5D7D785681CAD321C0EA36BA7
TrID	89.0% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39) 3.5% (.EXE) Win64 Executable (generic) (10523/12/4) 2.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 1.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.5% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter	abuse_ch
Tags:	CryptOne exe

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

286

Origin country :

NL

Vendor Threat Intelligence

ANY.RUN Malicious

Malware family:

n/a

ID:

1

File name:

daeac8364a922b573716b3547862d80a.exe

Verdict:

Malicious activity

Analysis date:

2023-07-05 06:24:50 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/0a708ebf-b716-44f3-b552-f2b0168bea24

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

CAPE Sandbox

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/407388/

ClamAV Detected

Detection(s):

SecuriteInfo.com.Trojan.Uztuby.4.20085.29220.UNOFFICIAL

Alert

Create hunting rule

Dr. Web vxCube Clean

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Creating a window

Сreating synchronization primitives

Searching for synchronization primitives

Creating a file in the %temp% directory

Launching a process

Certego Dragonfly Suspicious

Result

Malware family:

n/a

Score:

  6/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/95581/overview

Behaviour

MalwareBazaar

MeasuringTime

EvasionQueryPerformanceCounter

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Tags:

anti-vm greyware lolbin lolbin overlay packed packed regsvr32 replace setupapi shdocvw shell32

Link:

https://www.filescan.io/uploads/64a50c0d1aae5c95e186a3bd/reports/764bd7ee-46de-4b69-8f62-6d8628cd0ff1/overview

Hybrid Analysis Trojan.Uztuby

Verdict:

Malicious

Labled as:

Trojan.Uztuby

Link:

https://www.hybrid-analysis.com/sample/bfbe18d15b02ca49b998ced257354495d126513f86e26b8ad6dbe1db9cd568bf

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Intezer Malicious

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/b30048e5-3a8e-4c82-a0f9-af80a2805c7b

Joe Sandbox CryptOne

Result

Threat name:

CryptOne

Alert

Create hunting rule

Detection:

malicious

Classification:

troj.evad

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/1266981

Signature

Machine Learning detection for dropped file

Machine Learning detection for sample

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Tries to detect sandboxes / dynamic malware analysis system (file name check)

Yara detected CryptOne packer

Behaviour

Behavior Graph:

Download SVG

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/bfbe18d15b02ca49b998ced257354495d126513f86e26b8ad6dbe1db9cd568bf/

ReversingLabs TitaniumCloud Win32.Trojan.Fauppod

Threat name:

Win32.Trojan.Fauppod

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-07-05 00:31:22 UTC

File Type:

PE (Exe)

Extracted files:

18

AV detection:

21 of 37 (56.76%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=x67bruk3alfetomyz3jfonkesxismuj7q3rgxcww3pq5xhgvnc7q._file

Threatray malicious

Verdict:

malicious

Similar samples:

30f91a9f411187ee24ea1a19d9043c4065707e7c6754c96a8c7ad1fb18ce0d67

CryptOne

33e686777d4e60947c1bc7d7743f006901dd209ae7fa9c6bd3d758dfc9b0aafc

CryptOne

35e5460c102ca2f996d61d70d6bb06fb87014f7d2beccf35f3812ea534acd9d5

CryptOne

36194d07ea9897f2276215a1361291ba8e32843caf3056b4f096c213b1bfadb3

CryptOne

7eb0ebc81444d77b62e03f1757763740d77009bd53a01ef19ce66e4dfe9bff77

CryptOne

92b4f87f9ef64d1b37a657742438e136f72434dde1b8d30865e419534fdd8260

CryptOne

a2ddb2901e7b54c98ad8eb17a8b2a019b344a8c459aa15b29b4fda8962931486

CryptOne

c9d2a196a3a7209755613e769531990104393b8e96971aa1d757e3ab84696f8b

CryptOne

fba557d1ea30dc5810637b80408cc8d6491f33e5cb4def703f2b3413d476d93d

CryptOne

+ 24 additional samples on MalwareBazaar

Hatching Triage Suspicious

Result

Malware family:

n/a

Score:

  7/10

Tags:

n/a

Link:

https://tria.ge/reports/230705-g4xq1acc8y/

Behaviour

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Checks computer location settings

Loads dropped DLL

UnpacMe 2

Unpacked files

SH256 hash:

a436edda8015b084da509664bfdf5f6d99b433c9e66330077f8354ec62ffe308

MD5 hash:

96dc466ca50d44c8b10181ef09fd9c36

SHA1 hash:

6a98311593fa8152ba098c13773d32399cd51203

Link:

https://www.unpac.me/results/735bdcc4-54bb-4abb-8aa8-242525aa5b49/

SH256 hash:

bfbe18d15b02ca49b998ced257354495d126513f86e26b8ad6dbe1db9cd568bf

MD5 hash:

daeac8364a922b573716b3547862d80a

SHA1 hash:

6e557d2b6ff012df376a05e257c7de934660637a

Link:

https://www.unpac.me/results/735bdcc4-54bb-4abb-8aa8-242525aa5b49/

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/bfbe18d15b02ca49b998ced257354495d126513f86e26b8ad6dbe1db9cd568bf

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CryptOne

exe bfbe18d15b02ca49b998ced257354495d126513f86e26b8ad6dbe1db9cd568bf

(this sample)

  

URLhaus

https://urlhaus.abuse.ch/url/2675870/

  

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/407388/