MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c98cb5ef26c659b30d3fc26fa45b27595337d83c32405d9298d799a975b736fb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c98cb5ef26c659b30d3fc26fa45b27595337d83c32405d9298d799a975b736fb
SHA3-384 hash: 311f1d325d66a01cec37c4fbcfa9ed95f5ee6a3ab7f665443be78d7f011db81a1297f57ebb889b7fb0c2a13798441579
SHA1 hash: fc9f42ea2d0f738d6a3ee4952551a785f6bbac51
MD5 hash: ce977f0eaaaba80afc05abb7e1832269
humanhash: beryllium-california-eleven-kentucky
File name:ce977f0eaaaba80afc05abb7e1832269
Download: download sample
File size:355'840 bytes
First seen:2021-08-11 21:37:28 UTC
Last seen:2021-08-11 22:46:02 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash aa13d15d6dd2e094d4aa7be42a7367ea (5 x RaccoonStealer, 1 x DanaBot)
ssdeep 6144:dl1Mg/IZB2z4/3bvdLgrVejXPNIUi9rm7knGyHM:dbMg/Iy4/3zNFIUOmI
Threatray 6 similar samples on MalwareBazaar
TLSH T10E74F1127E7CCE32C49506714436C7B8697FAC90BE25414B3B983BAFEE713921676389
dhash icon e084f2e82cf8d0a6
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
110
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
ce977f0eaaaba80afc05abb7e1832269
Verdict:
Suspicious activity
Analysis date:
2021-08-11 21:39:03 UTC
Tags:
installer
Link:
https://app.any.run/tasks/81bcf67c-a97c-47fa-baf4-e581eabfc0cd

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/178399/
Detection(s):
SecuriteInfo.com.Variant.Fragtor.3912.29604.16992.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Running batch commands
Creating a process with a hidden window
Using the Windows Management Instrumentation requests
Searching for the window
Sending a UDP request
Launching a tool to kill processes
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/2305f83e-af2f-445c-ac14-8e59ed3d3b41
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/831277
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 463708 Sample: L4a9TWZNsW Startdate: 11/08/2021 Architecture: WINDOWS Score: 68 16 Multi AV Scanner detection for submitted file 2->16 18 Machine Learning detection for sample 2->18 7 L4a9TWZNsW.exe 1 2->7         started        process3 signatures4 20 Detected unpacking (changes PE section rights) 7->20 22 Detected unpacking (overwrites its own PE header) 7->22 10 cmd.exe 1 7->10         started        process5 process6 12 taskkill.exe 1 10->12         started        14 conhost.exe 10->14         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c98cb5ef26c659b30d3fc26fa45b27595337d83c32405d9298d799a975b736fb/
Threat name:
Win32.Trojan.Fragtor
Create hunting rule
Status:
Malicious
First seen:
2021-08-11 19:37:45 UTC
AV detection:
20 of 28 (71.43%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
2ec6c6341ff83005a6515d942976d2092549312d419a29e59d0efb15d65749bf
4b027545342913b299157c8e60174c2c73bb8ae0b9a6343d4bd2d592f46092dc
67b1a7835687bf5851cf29539b2d0ce90ab30d373edfcf9ee54237026c67df33
82d6a5af89fc2c37abd8a1639195c197c83e5d883b448909ee9bdf1db25a269a
832bb287721c9ba37770ea80ae5ace489cb868ea655d022d88db12fb64106ea1
de4951605496dbd1b5e05f579b2601f45c459b9154b2c6a215517c4f8b3d0daf
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/210811-4evpvz3gje/
Behaviour
Kills process with taskkill
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Deletes itself
Unpacked files
SH256 hash:
8aa4b35b358613c750fc60d80b2d46356622997975afbe56a0663b566b259635
MD5 hash:
1d950ea757becd94bd8fafbda076d838
SHA1 hash:
a3cd530992fce3f67c27eba96b59976772f47877
Link:
https://www.unpac.me/results/7b2b96ee-513a-41f2-9e33-ba99bd130bbc/
SH256 hash:
c98cb5ef26c659b30d3fc26fa45b27595337d83c32405d9298d799a975b736fb
MD5 hash:
ce977f0eaaaba80afc05abb7e1832269
SHA1 hash:
fc9f42ea2d0f738d6a3ee4952551a785f6bbac51
Link:
https://www.unpac.me/results/7b2b96ee-513a-41f2-9e33-ba99bd130bbc/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c98cb5ef26c659b30d3fc26fa45b27595337d83c32405d9298d799a975b736fb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe c98cb5ef26c659b30d3fc26fa45b27595337d83c32405d9298d799a975b736fb

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1525954/
Cape
Cape
https://www.capesandbox.com/analysis/178399/

Comments


Avatar
zbet commented on 2021-08-11 21:37:29 UTC

url : hxxp://37.0.11.8/WW/ner.exe