MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c3082ca1ff78252e4cbb6f83a2fc5c9f04ad879ac784306d02f721fc9a0175c1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c3082ca1ff78252e4cbb6f83a2fc5c9f04ad879ac784306d02f721fc9a0175c1
SHA3-384 hash: f58b6fc91b82776ff9fe076c14cadced671a876ef16656d9f6f47b3f64db0afebb5d7cd41c5d2e6219ee10dd9b34bd80
SHA1 hash: 57a8afbd03559afac1574d750f42e76cba5ebe65
MD5 hash: 523e9b778b9b3feb91bda693a788ebca
humanhash: skylark-massachusetts-oxygen-april
File name:Bjfwelfichwhbfqwpqibblnnljlzkkvqhy.exe
Download: download sample
File size:811'008 bytes
First seen:2022-08-11 01:08:22 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0f063ac472552ed0da6bae980410a3a5 (4 x RemcosRAT, 1 x DBatLoader)
ssdeep 12288:GUywFbPxwsZujvtAe76JlDgeIDQlS4nSz7eIa3fWyMhk2VqKoS:j9lxZZupAeC5geEwS4nSzNyalVqKoS
Threatray 661 similar samples on MalwareBazaar
TLSH T1E2059F32B2E3EC33C25A04B7EF26C17898A57E59693CE1816BD41BB94FB1B11A51F143
TrID 28.5% (.SCR) Windows screen saver (13101/52/3)
22.9% (.EXE) Win64 Executable (generic) (10523/12/4)
14.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
9.8% (.EXE) Win32 Executable (generic) (4505/5/1)
6.5% (.MZP) WinArchiver Mountable compressed Archive (3000/1)
File icon (PE):PE icon
dhash icon b2b0aca6a6baf66a (4 x RemcosRAT, 4 x DBatLoader, 1 x Formbook)
Reporter Anonymous
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
246
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Bjfwelfichwhbfqwpqibblnnljlzkkvqhy.exe
Verdict:
Suspicious activity
Analysis date:
2022-08-11 01:08:52 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/bd998cf4-f346-43bf-8b4c-7e4075c7f8af

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/297801/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware2.25061.23586.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a window
Searching for synchronization primitives
DNS request
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/28618/overview
Behaviour
MalwareBazaar
CheckScreenResolution
CheckCmdLine
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
keylogger zusy
Link:
https://www.filescan.io/uploads/62f456b8f6ec33747d94ff4b/reports/efc6f6d2-8518-4b1e-afcf-58e361e91023/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/69fed01d-80db-4708-a3d9-9721084260a9
Result
Threat name:
Unknown
Detection:
malicious
Classification:
expl
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1049624
Signature
Multi AV Scanner detection for submitted file
Yara detected UAC Bypass using ComputerDefaults
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c3082ca1ff78252e4cbb6f83a2fc5c9f04ad879ac784306d02f721fc9a0175c1/
Threat name:
Win32.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2022-08-10 17:41:48 UTC
File Type:
PE (Exe)
Extracted files:
40
AV detection:
22 of 39 (56.41%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ymeczip7pass4tf3n6b2f7c4t4ck3b42y6cda3ic64q7zgqboxaq._file
Verdict:
malicious
Similar samples:
0454c0078d232502c16596fb561e698d11c2d68c1905d68a9578385a6a116a00
15e1d48f4ba136aa876c88c4fb16fe160795f40e9850252ce1a4f3a695b4fcb7
5fabffc9eb6177ac29a1e51bf2a8bde55ddd97e2f7c86134eb2512b927f1232e
6b8b620534b94530ba467af917e0365640b83b1edd8a39eaa00ebf441e2e34c0
7d5c7b03dcc7496b6dfb7f5726b3901d48da7ed3dd8e6d171db278e7ba9902b0
8043ea1eec1337542f54a3da01248f048588f43c2f5a434d425775dbb3ddd6b3
925e3fe8b8f4fa60dcfc261154c3fc8a6d296efcdb83ab1a18e710fa150090f1
bc061c3fc38da5c64b98ca941334021a3588891eed56ba0458f5f3ca6b364081
d09e0e3cdb3fa52dcea7852176dc97aac0741e85b22bd088fd0bf0633e3f3bbb
da74feae9e48cacba4741157f0f889c5328d9ae09931986c1b7d5b4208787d1c
+ 651 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220811-bhsl9shahn/
Unpacked files
SH256 hash:
59bea101fb9e28c28973658075d95ce6d43668d544e7903f943a6e139bbb62ad
MD5 hash:
645a2996fe2bcf58d071ff508049184a
SHA1 hash:
ccfd49330201acefab94c6337cd76ddfc5c3164e
Link:
https://www.unpac.me/results/9112c2d3-3ac7-4684-830e-ef2d4f02131b/
SH256 hash:
c3082ca1ff78252e4cbb6f83a2fc5c9f04ad879ac784306d02f721fc9a0175c1
MD5 hash:
523e9b778b9b3feb91bda693a788ebca
SHA1 hash:
57a8afbd03559afac1574d750f42e76cba5ebe65
Link:
https://www.unpac.me/results/9112c2d3-3ac7-4684-830e-ef2d4f02131b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.50
Link:
https://yomi.yoroi.company/submissions/c3082ca1ff78252e4cbb6f83a2fc5c9f04ad879ac784306d02f721fc9a0175c1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/297801/

Comments