MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c973c31f8af3d15abb5963e2764f534e5263828320e9c15e57c953392c32ce65. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gh0stCringe


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c973c31f8af3d15abb5963e2764f534e5263828320e9c15e57c953392c32ce65
SHA3-384 hash: 537fc2a660490dbb54fa1e1468a5c2c076b03cac138cb2d42a0969d899b5c7ce6075df3fc964deb2d698d1b7898546d1
SHA1 hash: 0ef80515de765da5c46913bd85f7c6f50866bcc2
MD5 hash: 2d50dbb80e4e0974ac31b1b7b0586b43
humanhash: mountain-five-iowa-failed
File name:2d50dbb80e4e0974ac31b1b7b0586b43
Download: download sample
Signature Gh0stCringe
Create hunting rule
File size:63'488 bytes
First seen:2021-06-24 00:12:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d9c7208ff3022bb34870c7ddeb406eb1 (5 x Gh0stCringe, 1 x Ramnit, 1 x Gh0stRAT)
ssdeep 768:jbz3IhpglwpDEq2m0j6Tf8V4Ie7ZZa3R1fb961vNPrl7EJnCJ0uSN:n4+wpDElm2IAUZZo1fbs1RVEZCJ01
Threatray 3 similar samples on MalwareBazaar
TLSH 9253070DE69EF0E2FF517530260E66328EBDB82C853C951F2E56694D1CF5B80A4AD372
Reporter zbetcheckin
Tags:32 exe Gh0stCringe

Intelligence

File Origin
# of uploads :
1
# of downloads :
111
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
2d50dbb80e4e0974ac31b1b7b0586b43
Verdict:
No threats detected
Analysis date:
2021-06-24 00:18:44 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/22c36ccf-34ca-485b-bf23-8f0b1ce43362

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
Win.Trojan.Mikey-9769164-0
Create hunting rule

Win.Malware.Farfli-9832713-0
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1529dcd0-7d3f-4ff7-b6ea-8bc0ffb1dee3
Result
Threat name:
Gh0stCringe
Create hunting rule
Detection:
malicious
Classification:
bank.troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/806971
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Checks if browser processes are running
Contains functionality to detect sleep reduction / modifications
Creates a Windows Service pointing to an executable in C:\Windows
Drops executables to the windows directory (C:\Windows) and starts them
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Sigma detected: Execute DLL with spoofed extension
Yara detected Gh0stCringe
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c973c31f8af3d15abb5963e2764f534e5263828320e9c15e57c953392c32ce65/
Threat name:
Win32.Trojan.Phonzy
Create hunting rule
Status:
Malicious
First seen:
2021-06-19 12:21:46 UTC
AV detection:
37 of 46 (80.43%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
3eabf4e909e889bfcb994a36d041ced30c30a377a6a0d6057eda4b8f35f4ca0e
Gh0stCringe
4bb4435958fa48762b34905fc5ac50c78878eccb33252f72cb037d664cb60fc9
Gh0stCringe
a578e71d04eae80004ab431497c95fb9779a95dc7f0c60996c24c1cb7139745d
Gh0stCringe
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/210624-m58b9xr8ts/
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Drops file in System32 directory
Loads dropped DLL
Blocklisted process makes network request
Sets DLL path for service in the registry
Unpacked files
SH256 hash:
c973c31f8af3d15abb5963e2764f534e5263828320e9c15e57c953392c32ce65
MD5 hash:
2d50dbb80e4e0974ac31b1b7b0586b43
SHA1 hash:
0ef80515de765da5c46913bd85f7c6f50866bcc2
Link:
https://www.unpac.me/results/85540567-1985-468b-87b7-ce50991c29e4/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/c973c31f8af3d15abb5963e2764f534e5263828320e9c15e57c953392c32ce65

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gh0stCringe

Executable exe c973c31f8af3d15abb5963e2764f534e5263828320e9c15e57c953392c32ce65

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1393010/

Comments