MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c9c31aa5e33282e7e4ca9360c0b249d2b86b667597050f6471854441d9b20c1a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c9c31aa5e33282e7e4ca9360c0b249d2b86b667597050f6471854441d9b20c1a
SHA3-384 hash: d0d503d422a315b64992e7d31f1759bc40d1f4b3fad0872d4fce5bf9a9c3fbea16ff2cb085b17f00441eac6121df6300
SHA1 hash: 0294c1b6787bce5f859574cb487bcabd34e0c8b7
MD5 hash: 54de06bfc685c29b0135e886b2e7afb7
humanhash: alabama-don-echo-mirror
File name:54de06bfc685c29b0135e886b2e7afb7.exe
Download: download sample
File size:4'529'152 bytes
First seen:2022-03-03 09:39:28 UTC
Last seen:2022-03-19 05:00:01 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 7dc28ef949f54ad98c715895ecc34cff (79 x RedLineStealer, 2 x Formbook)
ssdeep 98304:tOGIdBR4L0tTakbCGjvuEB9LfTRQ/nTVGcp0ZSu9eMDLbU62Kh1VMs6:tOgqTakmGTnLbRuZp0dRDfAKhM/
Threatray 1'504 similar samples on MalwareBazaar
TLSH T11C26336F2298272FDC1AC079E799A7004BC2DC5AE4F5D77B27A086532E301F51A8D8DD
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
208
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/246896/
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Sending a custom TCP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/32a0c68d-1402-4d3a-928c-9bbf731030dc
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/950193
Signature
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file has nameless sections
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c9c31aa5e33282e7e4ca9360c0b249d2b86b667597050f6471854441d9b20c1a/
Threat name:
Win32.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-03-03 09:40:15 UTC
File Type:
PE (Exe)
AV detection:
23 of 27 (85.19%)
Threat level:
  1/5
Verdict:
malicious
Similar samples:
00caa54a646237cf00f305613cdd9e0e8dd8e4dcd9706bbdfc71e22f6e673683
1bc92eb4c57a53addbbcb7c8f71cd91d9290d04b145aa6c12a040b42afefc0e3
2baec496257f3f6d81ecf505b00a5b6ad397dc4f82476f097e48ef7d7f3091c7
30250e1ddf5dd38e88f12ce6bc70b497c953172e79378cc86b46f358c6f562c5
64edbaff99fe8c87c2f5f826b0d1741c575295e3ab0c3d16db8bbacd2baebd30
8d59b88d0b88becf9f74354310db278563eb469ecf535146dc0a1f2c0d79de53
8f0ce948ee3b5f284eed19d5065de393931e6979eac0d177464d55e2e470c3e7
977c68b28f92df1f9cb32d67323dc5c13ee2da192f8007dbf893338529bd88e2
d565b1d34ef0e0ea0af9695e3f023e59275893b3c6036296417fe42f8fe5bf13
f2853986c7ac92ddb00441bb2aa1110b27ba523f49b90f45955575ae75075b87
+ 1'494 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/220303-lm8jdsach5/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
a8f9fba0ff28ad48818317ecbe3119e90264529dcf3187a79795a68f5300a1b7
MD5 hash:
79af4185bdd96c6b24501670d164aec7
SHA1 hash:
af728b43167c611029b3fe9acc025cf46587c090
Link:
https://www.unpac.me/results/9378c2df-e654-4037-8020-76e1bf4dcd4a/
SH256 hash:
c9c31aa5e33282e7e4ca9360c0b249d2b86b667597050f6471854441d9b20c1a
MD5 hash:
54de06bfc685c29b0135e886b2e7afb7
SHA1 hash:
0294c1b6787bce5f859574cb487bcabd34e0c8b7
Link:
https://www.unpac.me/results/9378c2df-e654-4037-8020-76e1bf4dcd4a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/c9c31aa5e33282e7e4ca9360c0b249d2b86b667597050f6471854441d9b20c1a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe c9c31aa5e33282e7e4ca9360c0b249d2b86b667597050f6471854441d9b20c1a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2072474/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2072651/
Cape
Cape
https://www.capesandbox.com/analysis/246896/

Comments