MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7a4fad10ef66516e492ab30d600be219ea259c4f0a42a3f664ae7b3cd94e2b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	c7a4fad10ef66516e492ab30d600be219ea259c4f0a42a3f664ae7b3cd94e2b7
SHA3-384 hash:	56d486d8bea988f112458f5fd8f9d6916f8e294a65923e722e31f4466ec17a499f5f723811bf7910e56ba67945dab99e
SHA1 hash:	220fdf8809752e3cf4ea4206966337270411f18a
MD5 hash:	c21104db07b5529464e9dacf00461f62
humanhash:	seventeen-one-timing-lactose
File name:	SecuriteInfo.com.Variant.Midie.108052.14477.13432
Download:	download sample
File size:	2'231'296 bytes
First seen:	2022-03-23 09:18:27 UTC
Last seen:	2022-03-25 07:00:59 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	e36bf2cd7229c855562e0cd74016f1d8 (6 x DanaBot)
ssdeep	24576:H6CMgxlUCaOrSImOC45R5cNfxojzB2kgrxGMrLPbeHr8/L9v6c+TyUTkN9ATiVv:aHJtfxoIkKDeHr8D9vITNTOv
Threatray	1'522 similar samples on MalwareBazaar
TLSH	T100A53B36A344B23BD06D1736852AA65D803A7774E910EC7BF7900E8C6EBDBD0962D707
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

109

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/256103/

Detection(s):

SecuriteInfo.com.Variant.Midie.108052.14477.13432.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Sending a custom TCP request

Searching for synchronization primitives

Launching the default Windows debugger (dwwin.exe)

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

advpack.dll anti-debug at.exe bitsadmin.exe cmdl32.exe csc.exe diantz.exe esentutl.exe evasive expand.exe findstr.exe fingerprint hacktool ie4uinit.exe installutil.exe jsc.exe makecab.exe mmc.exe pcwutl.dll printbrm.exe psr.exe regsvcs.exe replace.exe rpcping.exe runonce.exe schtasks.exe stealer wab.exe wmic.exe

Link:

https://www.filescan.io/uploads/623ae669b94fb38cb4d7fd9e/reports/bed95d0a-5a8a-4cab-94cb-eed0ee2c0f7a/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Gathering data

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/962690

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c7a4fad10ef66516e492ab30d600be219ea259c4f0a42a3f664ae7b3cd94e2b7/

Threat name:

Win32.Downloader.Upatre

Status:

Malicious

First seen:

2022-03-23 07:53:37 UTC

File Type:

PE (Exe)

AV detection:

26 of 42 (61.90%)

Threat level:

3/5

Verdict:

malicious

26d64a54a7d7c19a0c9c865c6ba67a4bbda227599f1e7d79e08a570637c4ea12

343b785bdc3ee599f7962a90b02c3638c470e486fe43fff73c0ee5fbb8eb0a50

4e97c34bc866c9e70fca69b0375d14534d98bccfaae683924a08328c75ab5416

6e33bb5afea750c9d310218cf18796b7e1754332684bf92806ccba081bcc5a69

a0a944db45538f11089813fd89eeed36cdefa6204e52ba305251832ed0045860

a664d80c5b8a2203288086ed56c42f443622e787beae17677b1504ab524a2795

dcedf234c0f9d6fe3a4392693c82708c70c8e243f42f2e7073d35bd928f3b526

f607c65a219c8cf3a25a5a4338019a0814592c0cfaf5b466dbd0917167245ed0

+ 1'512 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

collection discovery spyware stealer suricata

Link:

https://tria.ge/reports/220323-lacaesfgfn/

Behaviour

Checks processor information in registry

Modifies registry class

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

outlook_office_path

outlook_win_path

Enumerates physical storage devices

Program crash

Drops file in Program Files directory

Suspicious use of SetThreadContext

Accesses Microsoft Outlook accounts

Accesses Microsoft Outlook profiles

Checks installed software on the system

Reads user/profile data of web browsers

Blocklisted process makes network request

suricata: ET MALWARE Danabot Key Exchange Request

Unpacked files

SH256 hash:

c7a4fad10ef66516e492ab30d600be219ea259c4f0a42a3f664ae7b3cd94e2b7

MD5 hash:

c21104db07b5529464e9dacf00461f62

SHA1 hash:

220fdf8809752e3cf4ea4206966337270411f18a

Link:

https://www.unpac.me/results/64a44240-1c98-42b0-b74c-d7aa1647e8d8/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/c7a4fad10ef6/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/c7a4fad10ef66516e492ab30d600be219ea259c4f0a42a3f664ae7b3cd94e2b7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe c7a4fad10ef66516e492ab30d600be219ea259c4f0a42a3f664ae7b3cd94e2b7

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2111882/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/256103/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample