MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c8e4bb48e136239d20bbcd1185fc4e4a761ba307460323f64c9ea1ae4275d330. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c8e4bb48e136239d20bbcd1185fc4e4a761ba307460323f64c9ea1ae4275d330
SHA3-384 hash: ff60db7bd9c4853ec6e28f5955fcdeb3d6bcf49aec362caecad6b07e23e95b504c118606fa9ac47dd88523c9b4444d10
SHA1 hash: 62477c6a471fefe0b15b65e6af10c2c2e6d6c348
MD5 hash: 8174d67ec7fdf977871eb6323b267790
humanhash: queen-edward-happy-arkansas
File name:8174d67ec7fdf977871eb6323b267790.exe
Download: download sample
File size:205'824 bytes
First seen:2021-07-24 07:03:39 UTC
Last seen:2021-07-24 07:55:53 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash aabecce90cba3617d076b35acfada43f (4 x RaccoonStealer, 1 x DanaBot)
ssdeep 1536:bNY7oOQdh4gqTkQaeIIBnl3Cyr7IRF8mZD2kIDgPvnjKWp7kMHoE2Pb5kpmK/WyP:bNceEa4jIRFlI0P/p70BPuxaWC8C
Threatray 214 similar samples on MalwareBazaar
TLSH T1BC14AE19FAB0C872D0A50A7058EAC7A4276DBC217E60DD47369B3B5F2F311C2266635F
dhash icon 48b9b2b0e8c38890 (13 x RaccoonStealer, 5 x RedLineStealer, 3 x Glupteba)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
109
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
D55D3D69132F9C5B385567127A2E6569.exe
Verdict:
Malicious activity
Analysis date:
2021-07-24 00:24:39 UTC
Tags:
trojan stealer raccoon loader
Link:
https://app.any.run/tasks/3f1088c7-0fe4-4e7b-9ec3-2884c9a252b2

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/173855/
Detection(s):
SecuriteInfo.com.Variant.Zusy.394875.10171.9610.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
DanaBot
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f92dbd7a-6934-486d-bdbc-e560c682b7fc
Result
Threat name:
Clipboard Hijacker
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/821182
Signature
Contains functionality to compare user and computer (likely to detect sandboxes)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Clipboard Hijacker
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c8e4bb48e136239d20bbcd1185fc4e4a761ba307460323f64c9ea1ae4275d330/
Threat name:
Win32.Trojan.Azorult
Create hunting rule
Status:
Malicious
First seen:
2021-07-24 01:18:24 UTC
AV detection:
18 of 46 (39.13%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
1a98ccd8e95f58b3d1bacf63d45303790f59594f7c362b6f220e7a40e92117b6
3a15a152dbd9dc30d0be526b565adb8d795d931dd1f5ea5c2e31fba91142ad8f
3cfe9f3d91956b6add8406f6824bcd6a6249eebcbfa3ed7cfd6f49ee7ab9c226
659b32b98b48e30f28ab64f2922d869d26061a6ac8ebbbe33def7c8fc532e27a
7d5cb7b56d0f4a11cd2c5049552c0f06bb03a743f44fdffa47339e204fd9ff26
8e7b9993e8f860c3d0d68243fb65a22fb6163da6c7590998bef1fac286ea81a5
b11448ac4d9b70314836a2ebb59b545594693d148428ddedeed27ef3949cdb87
bf04c8a42f5e657b0391f725f98ceeadd88ed61a5056671ca54c65215b06a5bf
ed7f141aa53017f734f508ee23f427fc7ecac0f6bfa6278907c1fce6f4bac252
fb0e1ec6d46c0f355348c767639767c7a23cbe2beb721aafc01f7018ccdb46b1
+ 204 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210724-g67x85r1d6/
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Executes dropped EXE
Unpacked files
SH256 hash:
19189d845acac54398888e27a66eb3771588bbde2080d3d3aab138053aee89e0
MD5 hash:
d850f8d4823240e54f834f85e09bd9e7
SHA1 hash:
2b7d73ebe87cf045464714074b06e756e788d05d
Link:
https://www.unpac.me/results/0cfdeea0-3bc8-4381-b37e-69d70fcc537f/
SH256 hash:
c8e4bb48e136239d20bbcd1185fc4e4a761ba307460323f64c9ea1ae4275d330
MD5 hash:
8174d67ec7fdf977871eb6323b267790
SHA1 hash:
62477c6a471fefe0b15b65e6af10c2c2e6d6c348
Link:
https://www.unpac.me/results/0cfdeea0-3bc8-4381-b37e-69d70fcc537f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c8e4bb48e136239d20bbcd1185fc4e4a761ba307460323f64c9ea1ae4275d330

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe c8e4bb48e136239d20bbcd1185fc4e4a761ba307460323f64c9ea1ae4275d330

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1305563/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1476070/
Cape
Cape
https://www.capesandbox.com/analysis/173855/

Comments