MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ca1ce981b9afa2825ef0b0d089336b044e064427e83cf669a662f708bee19f6a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA 1 File information Comments

SHA256 hash:	ca1ce981b9afa2825ef0b0d089336b044e064427e83cf669a662f708bee19f6a
SHA3-384 hash:	d8eac76efd20f0e8239b5f26f0d6e670a432932abd51488ee92abc859ba2a2fe69b44e706fe2c3fc36038beb70202bb2
SHA1 hash:	abd1caddb6f524e3d28838435e657e5b8bb9b6f6
MD5 hash:	3dd3f78e93e3ffcd99b502c99acb4747
humanhash:	mexico-bulldog-hydrogen-monkey
File name:	3dd3f78e93e3ffcd99b502c99acb4747.exe
Download:	download sample
File size:	469'997 bytes
First seen:	2021-08-17 07:53:52 UTC
Last seen:	Never
File type:	zip
MIME type:	application/octet-stream
imphash	49091c5c46d1ed156931ed11f43d3afa (1 x NetWire, 1 x njrat, 1 x Arechclient2)
ssdeep	12288:ZgIdCFdSZHZWbHE+QsB7J1Y11Vnhv6rQNBeB3u:SYYSZ5WbHTxJ1oVhCrQN0u
Threatray	579 similar samples on MalwareBazaar
TLSH	T1B8A4E112B7C580B2D1B356384EF8E731A93CBC605F294A5FA7D81B6E4E705806526FB3
dhash icon	cdabae6fe6e7eaec (20 x Amadey, 9 x AurotunStealer, 8 x CoinMiner)
Reporter	abuse_ch
Tags:	exe zip

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.W32.AIDetect.malware2.26605.14043.UNOFFICIAL

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ca1ce981b9afa2825ef0b0d089336b044e064427e83cf669a662f708bee19f6a/

Verdict:

malicious

3e5ab0b50e64201cc2f6dd7be35f3d35c0736eef0477db88a71d2ff423048241

4cd1e24f58ebf4ea0b333e8ca2ea88c0d6185477505f5dccd317f37a0c60b293

7b8d051db7c6022c15d87abe13122f36e303b94f8616fe26a6d34d04b0a3889f

a34bd4c266e3891796816854e78d62384dcf36a8f456476e69d0dacf109d1737

aec584f657593d973f0e14a4cb30e6ceeb27c9173b72816a4123ba9cd4e90c1c

c2a645b457a4ba814aa0c116f2a501176531ce29d32a695c45c5022d6aabb271

ca5bf1a6c94417ce81dd3d605748406ef97e5ad47c26b36e55f0e2b9dd4a56e5

e184eaf3a4654b623d6d0aace224406b6ed11b5ef3f30c9f8b4f700524fc5ed3

e38724644ed4643ebcdea6b0ae8345bf094d9f6e6d81b0acb244f96a3129077e

+ 569 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210817-21fpz87gne/

Behaviour

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/ca1ce981b9afa2825ef0b0d089336b044e064427e83cf669a662f708bee19f6a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	win_retefe_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	Detects win.retefe.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

zip ca1ce981b9afa2825ef0b0d089336b044e064427e83cf669a662f708bee19f6a

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1527088/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample