MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c72aa9c4df96e6768a8a1db299a8e787ac729faa40c536fa4344f82d4670a947. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 9

SHA256 hash: c72aa9c4df96e6768a8a1db299a8e787ac729faa40c536fa4344f82d4670a947
SHA3-384 hash: 96d714070895dba62f607cff2e59acb9e40fbfbc35fd027e1f16acbb5bf0ea59586a177db1ae4fe116ba39d723d4512e
SHA1 hash: 61d1345c46929ee0252eb3f0672ddecd556627b9
MD5 hash: f9e4785fbb7c441722f89b6a7b17336d
humanhash: happy-zebra-ohio-artist
File name: f9e4785fbb7c441722f89b6a7b17336d
File size: 1'105'920 bytes
First seen: 2022-03-26 22:27:23 UTC
Last seen: 2022-03-27 00:27:26 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: a945bbba5e19a9f29aa1458bdc91ed8a (6 x Smoke Loader, 6 x SystemBC, 5 x Worm.Ramnit)
ssdeep: 24576:wfsR8o3JTx4kuyQnYmEopLYf/TZRIG5tbO3HQyTB/kAZYwF8:wc8o312kuyQnYmEIeRIG5t0HQk+Aq/
Threatray: 1'329 similar samples on MalwareBazaar
TLSH: T10535230334D3C573C08AB136B866C3166BAA24615863694F57F6077A7F302F1F6AA71B
dhash icon: 5c59da3ce0c1c850 (36 x Stop, 33 x Smoke Loader, 26 x RedLineStealer)
Reporter: zbetcheckin
Tags: 32 exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 289
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Suspicious
Maliciousness:
Behaviour
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Creating a window
Launching a process
Sending a custom TCP request
DNS request
Unauthorized injection to a system process
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
SystemUptime
MeasuringTime
EvasionGetTickCount
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: azorult greyware packed
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 76 / 100
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Behaviour
Threat name: Win32.Trojan.Strab
Status: Malicious
First seen: 2022-03-26 22:28:11 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 18 of 26 (69.23%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Checks processor information in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Suspicious use of SetThreadContext
Blocklisted process makes network request
Unpacked files
SHA256 hash: 3925888db33cf6fba6212f9f76aa7605448e2d72d187c026cbdb7127c487f092
MD5 hash: 201d871d2d104f028b8e76c6b913bd05
SHA1 hash: b55b599c2e31c7ec14b9f84e0c0b92c7e9ab6a84
SHA256 hash: c72aa9c4df96e6768a8a1db299a8e787ac729faa40c536fa4344f82d4670a947
MD5 hash: f9e4785fbb7c441722f89b6a7b17336d
SHA1 hash: 61d1345c46929ee0252eb3f0672ddecd556627b9
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Executable exe c72aa9c4df96e6768a8a1db299a8e787ac729faa40c536fa4344f82d4670a947 (this sample)

Delivery method: Distributed via web download

Comments

zbet commented on 2022-03-26 22:27:24 UTC

url : hxxp://23.106.123.56/root.exe