MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c98f24879473b3767103a9f466a553468492bda4ecc52cda3f1a97996bd6b1ac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c98f24879473b3767103a9f466a553468492bda4ecc52cda3f1a97996bd6b1ac
SHA3-384 hash: f8da8e176b01f984afb60fd6f24c1e8a71a99c972a795c32a44937255541a662f5eb37cdf06b47f16e47dea53bb511b4
SHA1 hash: b4c91d9dfcd533f14b20ec60d7c3e733c998e1aa
MD5 hash: 53d244a9a22591ed369e7c807f36f868
humanhash: sink-wolfram-spaghetti-minnesota
File name:53d244a9a22591ed369e7c807f36f868
Download: download sample
File size:2'171'392 bytes
First seen:2022-11-21 02:58:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 49152:Idb37Ww9Gb9iYv4hZwnKA0lZ3hqo51dMp59Np:IZWw9M9ihwH0lZ3yp5Pp
Threatray 684 similar samples on MalwareBazaar
TLSH T183A53345CF889AF9C09E463325636CD89D36DE8EF4DCC39E3148BA11AA3371253649DB
TrID 56.5% (.EXE) Win64 Executable (generic) (10523/12/4)
11.0% (.ICL) Windows Icons Library (generic) (2059/9)
10.9% (.EXE) OS/2 Executable (generic) (2029/13)
10.7% (.EXE) Generic Win/DOS Executable (2002/3)
10.7% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon 71f0e0e8e8e0f072 (1 x RedLineStealer)
Reporter zbetcheckin
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
193
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
53d244a9a22591ed369e7c807f36f868
Verdict:
No threats detected
Analysis date:
2022-11-21 02:59:26 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/e6fb1dc2-d341-4a75-a14a-4095f37b826d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/336521/
Detection(s):
SecuriteInfo.com.Win64.DropperX-gen.8041.30966.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a window
Сreating synchronization primitives
DNS request
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/637ae976903ba0eaf36cc3de/reports/a5719c20-d341-4aa2-b63b-5a1820cce1f8/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Formbook
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1acd0b99-69bc-433f-9e3f-ae51113937b0
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1117750
Signature
.NET source code contains potential unpacker
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c98f24879473b3767103a9f466a553468492bda4ecc52cda3f1a97996bd6b1ac/
Threat name:
ByteCode-MSIL.Trojan.Ursu
Create hunting rule
Status:
Malicious
First seen:
2022-11-21 02:59:11 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
12
AV detection:
16 of 25 (64.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zghsjb4uoozxm4idvh2gnjkti2cjfpne5tcszwr7dklzs26wwgwa._file
Verdict:
malicious
Similar samples:
103a85c0dd442761afed6126d516f296998464568883728bc39cdf19b8be4fe3
35ca6701da097e3d91b7fa6d018e6e897cbc82381508adf252249a478da6a1b1
4035b1ab240beb234390a5dacc78515bd39a5ac7233a53ec7df877c1fb31126a
45215b8cc47cfa93874fbf5252888163c4ea43c4aeb8ac63960e43406f9f7b40
69d79138d27925a537f1b6aa6559e99890672ed20568541439759858c327145a
8205532fed73e4318afcfd72b7d27349bd811fab096577f08e7f5d7a15f95ead
9e9384a14b3cb6360a27e6f5b5d772332054c47ca8258f541d2095a815fd825a
a4e7fb14a7040df47a53e6f001c0ea83cc52e1376094c184d46a46e833933236
e50aaf213bfe58598cca3d541a5347f4a59f8e9ca39dcd29b48e28f0a7a29b40
ec56eaed4e42de73eb1f44c29d4a43bdadc6e4b2ad38456d62d7e81675469a5e
+ 674 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
discovery
Link:
https://tria.ge/reports/221121-dgqsdsbf57/
Behaviour
Suspicious use of AdjustPrivilegeToken
Creates a large amount of network flows
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/d0d45989-cf38-4a91-8c0c-428f65c29046
Unpacked files
SH256 hash:
c98f24879473b3767103a9f466a553468492bda4ecc52cda3f1a97996bd6b1ac
MD5 hash:
53d244a9a22591ed369e7c807f36f868
SHA1 hash:
b4c91d9dfcd533f14b20ec60d7c3e733c998e1aa
Link:
https://www.unpac.me/results/09f2dc6a-c6ca-4ef0-b4f5-b5d41fc61cc4/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c98f24879473b3767103a9f466a553468492bda4ecc52cda3f1a97996bd6b1ac

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe c98f24879473b3767103a9f466a553468492bda4ecc52cda3f1a97996bd6b1ac

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2428071/
Cape
Cape
https://www.capesandbox.com/analysis/336521/

Comments


Avatar
zbet commented on 2022-11-21 02:58:11 UTC

url : hxxps://dispodownload.com/loader.exe