MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c55fdc9556ca4c0b41855f2199d97132c8df7886e0ded1657c39b478905045a9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c55fdc9556ca4c0b41855f2199d97132c8df7886e0ded1657c39b478905045a9
SHA3-384 hash: 55dae316c1bc55bb5c8a6cfa8b3734466ed66a23115a8d33a19592d8d3990b65efa8c05610c41f289f647936a124db0d
SHA1 hash: 76de692e05adaafef87a4fc85eb4c4352e3add75
MD5 hash: 25cbbc3cb49372975f7fe295bf083549
humanhash: arizona-river-india-orange
File name:25cbbc3cb49372975f7fe295bf083549
Download: download sample
File size:3'486'208 bytes
First seen:2022-01-14 09:10:15 UTC
Last seen:2022-01-14 10:42:44 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c284fa365c4442728ac859c0f9ed4dc5 (94 x RedLineStealer, 10 x RaccoonStealer, 8 x CoinMiner)
ssdeep 98304:M3dWAkdGfMFUmOjebIKZushetbaqxumrZSHGH:wBkAUFUmSeb3tslaZmrZYGH
Threatray 933 similar samples on MalwareBazaar
TLSH T16FF53333E30EE444E4871DFC05035F1EB057CECCC5DA212EE2EE69A9B45D96A5DA2C68
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
193
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
25cbbc3cb49372975f7fe295bf083549
Verdict:
Malicious activity
Analysis date:
2022-01-14 09:12:28 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/53038466-3857-4963-9a0d-f7ce29222c92

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/219260/
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
Сreating synchronization primitives
Creating a file in the %AppData% subdirectories
Launching the default Windows debugger (dwwin.exe)
Searching for the window
DNS request
Creating a process from a recently created file
Unauthorized injection to a system process
Enabling autorun by creating a file
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/61e13dfdf2e8ec86fefc184d/reports/409c8819-6335-4655-87c8-2df686a4f3b4/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4b936834-dcc7-4d58-a56b-0267173680a7
Result
Threat name:
Clipboard Hijacker
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/920613
Signature
Allocates memory in foreign processes
Contains functionality to compare user and computer (likely to detect sandboxes)
Found malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has nameless sections
Tries to detect virtualization through RDTSC time measurements
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Yara detected Clipboard Hijacker
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c55fdc9556ca4c0b41855f2199d97132c8df7886e0ded1657c39b478905045a9/
Threat name:
Win32.Spyware.Sabsik
Create hunting rule
Status:
Suspicious
First seen:
2022-01-14 02:16:00 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
18 of 24 (75.00%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
162ab00c0e943f9548b04f3437867508656480585369cb705613dd3accfd54c2
2cd29b8b5c71f0f7df5dd0bcedbb134977d9c6269861dddd65db1db203194c08
5285ffebc00e0e75efcb1944329d1708d658eb5b4e5928d191323d933a3673e4
87b1b6c23161d93aed2729e2fce32dc577793341e4755cdeaac41f8c50b76a56
935e889d242191efcd783fc0a72a3a1f8881314c39df20a5418ef66f306d080b
a9eb984c9de2d2d061babaaec8c15a04895af2cc0653d044f7092ba73013da5b
aea2cbc32b7925ab28e619b8deb5c540ea8e61ad631b02e348be04b87f44627a
b4a3cafc8553c06b17131e6b3afb38971312a4d91ae3349d2d118bdfc3d8de94
cfe1a9cedf12e5c01c4727d0b12de8ccecf696a64bf895daf2b71e4131f1e1de
+ 923 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/220114-k46wfsfefk/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Unpacked files
SH256 hash:
60f2d97aadc25052533ff69f798f0c9e62fd364cd768fd8374c0b78953a7574f
MD5 hash:
511063629cfa1c3664ea63f489887228
SHA1 hash:
e277b50e7d4bbf7e9d9ed52f3c6127f9814511a3
Link:
https://www.unpac.me/results/47000f14-6534-45c1-9a08-685026a504bb/
SH256 hash:
c55fdc9556ca4c0b41855f2199d97132c8df7886e0ded1657c39b478905045a9
MD5 hash:
25cbbc3cb49372975f7fe295bf083549
SHA1 hash:
76de692e05adaafef87a4fc85eb4c4352e3add75
Link:
https://www.unpac.me/results/47000f14-6534-45c1-9a08-685026a504bb/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c55fdc9556ca4c0b41855f2199d97132c8df7886e0ded1657c39b478905045a9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe c55fdc9556ca4c0b41855f2199d97132c8df7886e0ded1657c39b478905045a9

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/219260/
  
URLhaus
https://urlhaus.abuse.ch/url/1976199/

Comments


Avatar
zbet commented on 2022-01-14 09:10:17 UTC

url : hxxp://95.143.178.121/fpp4DYpi3.exe