MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c1268d5dc321b64579a0a68ba97c32f315ebd23d2f895a47c72b9ed54172eb69. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c1268d5dc321b64579a0a68ba97c32f315ebd23d2f895a47c72b9ed54172eb69
SHA3-384 hash: 2eb7b7599aa27d20f2d2688a31f64f9d9b6b28e4aba8d1d7a23d63ad97d2d8aae27e8cc7a3f5d4e755ce1073e55ac8d0
SHA1 hash: ed695ac283d11f4895a3e39e1ad693088bc78bf5
MD5 hash: 646e15315618ce124961535601208825
humanhash: chicken-timing-oxygen-black
File name:646e15315618ce124961535601208825.exe
Download: download sample
File size:2'173'185 bytes
First seen:2022-03-22 19:01:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b78ecf47c0a3e24a6f4af114e2d1f5de (300 x GuLoader, 23 x Formbook, 21 x RemcosRAT)
ssdeep 49152:ev3PqgUs7HnHNS/DIpaxTLKtNuc0GT8GxQ3yg0ALDCOlFinsM:U3BUs7nNe+YGtsc08bG3gA3lgP
Threatray 2'630 similar samples on MalwareBazaar
TLSH T149A533347E61CF87F21B75B285B6FAA37229FA55B3C2460727812F54DE2D87B081850E
File icon (PE):PE icon
dhash icon 69ccd4d49696cc71 (13 x Adware.Adload, 8 x CoinMiner, 7 x ValleyRAT)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
169
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/255111/
Detection(s):
SecuriteInfo.com.BackDoor.Siggen2.2488.26461.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/10490/overview
Behaviour
MalwareBazaar
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
control.exe overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/623a1d6eb94fb38cb4d1073c/reports/ad010b6a-23ff-4df1-baa4-634895c62328/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/7c731368-5aa9-4442-bdd0-c52da8414396
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/962048
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c1268d5dc321b64579a0a68ba97c32f315ebd23d2f895a47c72b9ed54172eb69/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-03-22 19:02:39 UTC
File Type:
PE (Exe)
Extracted files:
17
AV detection:
14 of 25 (56.00%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
1273c78b4f196fc982cb1e9b7abe9d2b5c4f10c5486e7a891615bb273fef419d
35e4927ea02978e01bee3917c5c2c92d46308473bf3eaf4ef1d4d3c0eb0a0d4f
3de11e9ba2b8db6be4069506a95bc31250d8ae8d0df5e8fec66121a05f1ccbc6
4f9d6b736fbd00a1b8790ab77d6bde5b573b2177b7606724d2b6406839ceae3d
6997b092bad4debd075be5e71976075f262e0e21f47e34db16ba1985d51d8017
a5c940653c3b19cacd1378f2081feb377f2791257fbef36cd64df3a0b1b7d4b4
ac80582931ac0fbe465b81a7f53894d9eebf867cae0c9e2865136078826bb49a
b643d5ee1be492fcbfbfb4c9b9bf3da8460b74ab2097b96e6545318c92f2ee26
c787a0aa20d047aec48e31f551fe6511c893f93abd0210a5cfbd95b3b9cc5750
dcb25316bc3b1978f4acb2cce9804787843d832b46939195550ccdfc2f7f947c
+ 2'620 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/220322-xpsfqsghb2/
Behaviour
Enumerates physical storage devices
Unpacked files
SH256 hash:
c1268d5dc321b64579a0a68ba97c32f315ebd23d2f895a47c72b9ed54172eb69
MD5 hash:
646e15315618ce124961535601208825
SHA1 hash:
ed695ac283d11f4895a3e39e1ad693088bc78bf5
Link:
https://www.unpac.me/results/e77b1c7e-41e0-4e09-af0c-5596032727b4/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.08
Link:
https://yomi.yoroi.company/submissions/c1268d5dc321b64579a0a68ba97c32f315ebd23d2f895a47c72b9ed54172eb69

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Ins_NSIS_Buer_Nov_2020_1
Create hunting rule
Author:Arkbird_SOLG
Description:Detect NSIS installer used for Buer loader

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe c1268d5dc321b64579a0a68ba97c32f315ebd23d2f895a47c72b9ed54172eb69

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2109342/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/255111/

Comments