MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c1ccf8689de88be32890345e454df2f1fa90e1e4033c0f63425001af42f7aef5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



BlackShades


Vendor detections: 4



SHA256 hash: c1ccf8689de88be32890345e454df2f1fa90e1e4033c0f63425001af42f7aef5
SHA3-384 hash: 519592a1f08bb08de0e819dbbcc99424d26fbf4f2a532b20c8e85cb96f0385824cda29cd07768e752c7934994d106d9f
SHA1 hash: 9060be0faf1fbc55f2e05cbe02e2b713292e705b
MD5 hash: 420992774956df11eea2992aa4921241
humanhash: magnesium-tango-eighteen-gee
File name: DHL Shipment Doc.scr
Signature: BlackShades
File size: 114'688 bytes
First seen: 2020-06-04 04:37:37 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: fe71f5151e280ff91324ff97d45b8941 (1 x BlackShades)
ssdeep: 1536:9SPfxV40DkQfkgrKHxLdGKc+o0FDHdZ1gIcF8Jfc1hpYpj5zlQ:YPXI2KVdhjFD9zIKehq35Q
Threatray: 844 similar samples on MalwareBazaar
TLSH: 27B37C17ED4D8613D1048BBD3D178EB93B0DB82D0A405BDF71399E9BAD326421C9722E
Reporter: jarumlus
Tags: BlackShades

Intelligence


File Origin
# of uploads: 1
# of downloads: 119
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-06-03 23:00:00 UTC
AV detection: 21 of 31 (67.74%)
Threat level: 5/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

BlackShades

Executable exe c1ccf8689de88be32890345e454df2f1fa90e1e4033c0f63425001af42f7aef5 (this sample)

Delivery method: Distributed via e-mail attachment
