MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c84efa5991ab32373624d35d1cf4921ea0f9c2eb52d5703d059d5cba39280087. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 8

SHA256 hash: c84efa5991ab32373624d35d1cf4921ea0f9c2eb52d5703d059d5cba39280087
SHA3-384 hash: 795cf6983e440b0004fa1673e187cf3367419c22a80ce7a763a48f6f9a75dc2107c27ff1ba2e0307eefe421350e7abc1
SHA1 hash: cf2e0d1d54ad1edbeb73ddad5ae9ff1bd9d148d1
MD5 hash: 8137fd340b95ee840fcc59cfda1b822f
humanhash: bravo-wisconsin-robert-uranus
File name: 8137fd340b95ee840fcc59cfda1b822f
File size: 454'144 bytes
First seen: 2021-08-21 03:30:59 UTC
Last seen: 2021-08-21 04:48:18 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: ad1c5bf15a899fcfef408e3485448e67 (11 x RedLineStealer, 2 x StealthWorker, 2 x Smoke Loader)
ssdeep: 12288:3P3K3m4LJ7/V8iZwmJI+L1ifbzvWtCTTXyfMPH1c1V:b4LJ7VI+L8ACTTXyfMfy1V
Threatray: 4 similar samples on MalwareBazaar
TLSH: T1BEA4D020B6A4C039E0F311F4557DE3BC692CBDB16B6450CB62D626EE96372E4DE30687
dhash icon: ead8ac9cc6e68ee0 (118 x RaccoonStealer, 102 x RedLineStealer, 46 x Smoke Loader)
Reporter: zbetcheckin
Tags: 32, exe

Intelligence

File Origin
# of uploads: 2
# of downloads: 112
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 8137fd340b95ee840fcc59cfda1b822f
Verdict: Malicious activity
Analysis date: 2021-08-21 03:34:21 UTC
Tags: trojan

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.
Result
Verdict: Malware
Maliciousness:
Behaviour:
Creating a file
Launching the default Windows debugger (dwwin.exe)
Creating a process from a recently created file
Creating a window
Connection attempt
Sending an HTTP GET request
Sending a UDP request
Deleting of the original file
Enabling autorun by creating a file
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Generic Malware
Verdict: Malicious
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 72 / 100
Signature:
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Threat name: Win32.Trojan.Fragtor
Status: Malicious
First seen: 2021-08-21 03:31:06 UTC
AV detection: 15 of 46 (32.61%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Deletes itself
Drops startup file
Loads dropped DLL
Executes dropped EXE
Unpacked files
SHA256 hash: ed08cb5a40ff40bfa398b1a3ac6d2ab9cc92b56e971287c94463dd389fb5f26a
MD5 hash: d299991063d72d9e2b9d93f6cc1cb70d
SHA1 hash: 48c115b11a614aeb6c7575bc0e7966a4d4cc7cb2
SHA256 hash: c84efa5991ab32373624d35d1cf4921ea0f9c2eb52d5703d059d5cba39280087
MD5 hash: 8137fd340b95ee840fcc59cfda1b822f
SHA1 hash: cf2e0d1d54ad1edbeb73ddad5ae9ff1bd9d148d1
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Executable exe c84efa5991ab32373624d35d1cf4921ea0f9c2eb52d5703d059d5cba39280087 (this sample)

Comments

zbet commented on 2021-08-21 03:30:59 UTC

URL: hxxp://91.241.19.52/Api/GetFile3/