MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc34ea5bc63427bf2fb40927df5bbcd1f0c3f850c8033c693cc6f8c483e31c29. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cc34ea5bc63427bf2fb40927df5bbcd1f0c3f850c8033c693cc6f8c483e31c29
SHA3-384 hash: 17f69201d57dd4fcaf6c70ab4ae041bbc6163123e31cda0a89a486a3264959c2bf3fd849cdfed0f7f89753f490680e81
SHA1 hash: 49567cb427008f0704125b1118fb8027ddd07893
MD5 hash: 4f2e94422d7e68f9249e20f56de6246b
humanhash: cat-helium-angel-moon
File name:SecuriteInfo.com.Variant.Barys.319254.18369.28373
Download: download sample
File size:1'093'632 bytes
First seen:2022-08-18 09:40:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5f46666d491a382acce5e488bb8139c9 (1 x AZORult)
ssdeep 1536:14lCrCLVC5NCUHreddwO0G8belgG/ECts0bdlFvuO4EstZK1TKkXkQIc:uCrC5C5NLrI9dlg+x7Pl2M1Nuc
Threatray 13'775 similar samples on MalwareBazaar
TLSH T127353066C9691300E38C0BF835D3ED8E9774D20D5E9696D378F9217BA5AFE044EC1EA0
TrID 27.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
20.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
18.5% (.EXE) Win32 Executable (generic) (4505/5/1)
8.5% (.EXE) Win16/32 Executable Delphi generic (2072/23)
8.3% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
316
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Variant.Barys.319254.18369.28373
Verdict:
Malicious activity
Analysis date:
2022-08-18 09:43:23 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/26ba3270-f08b-4b5b-b1cd-a7af81e1702e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/299561/
Detection(s):
SecuriteInfo.com.Variant.Barys.319254.18369.28373.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Creating a window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug anti-vm greyware hacktool obfuscated
Link:
https://www.filescan.io/uploads/62fe09aa3cbb9456913eff06/reports/77dad334-b17d-4af4-ae43-a57e5257068e/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/779872b5-ecc0-4c6a-8182-2230e1eeb850
Result
Threat name:
Clipboard Hijacker
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1053723
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Contains functionality to compare user and computer (likely to detect sandboxes)
Contains functionality to detect sleep reduction / modifications
Found evasive API chain (may stop execution after checking mutex)
Machine Learning detection for dropped file
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Maps a DLL or memory area into another process
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Clipboard Hijacker
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cc34ea5bc63427bf2fb40927df5bbcd1f0c3f850c8033c693cc6f8c483e31c29/
Threat name:
Win32.Trojan.Tiggre
Create hunting rule
Status:
Malicious
First seen:
2022-08-18 06:18:09 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zq2ouw6ggqt36l5ubet56w542hymh6cqzabty2j4y34mja7ddquq._file
Verdict:
malicious
Similar samples:
1b3495921d935edffa5714e2549cee5ef27e0909dda640cf8d93b5a63424771a
200b2ed6014cf60dbc87aa964adc53304c9731a0ec90122383781b03bfb1f97a
2769895af5c913d18386c518e8279a991e7ba1c02ab5bb92bb05f359f646caf5
28455b1a0b29240e95877cff96528b3a196f0cf3a63d9980dc70349cdc0e1e74
2f6957a17b9bc161dc74ac1bb60a20e75b1ce9f734baef833fbe6996f159078c
7e07af5d89e050c9a7e922455409518919f863f52e9cd4fa042532db10e1d269
917e03484856f0980f2150822a231e0f73e3cef3f074ea1644dcbd1082590399
af74b80210c8fd9f512427ff46e8ccbdf063a9eed4fa3ffe15f791880c5b8d1e
afa4507bce58af7b4050b41a86eabf424ac0e89a69b8a962c1dd58a1620457b5
bd06c34a413a4ca8e49ec57f8ea6f52f69eb16c4fce86db93761c4da50c94edc
+ 13'765 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220818-lnrl9sffe8/
Behaviour
Creates scheduled task(s)
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Executes dropped EXE
Unpacked files
SH256 hash:
fab8eaf3557edbe2f243fc01138cf5ed179d61c44d0bb931b59e4dbe71f142f4
MD5 hash:
3e828cdf1271a2ec7a6e2b2428cbed6d
SHA1 hash:
5e5619c638b786eb3a5cf8bd12368613e9734ff4
Link:
https://www.unpac.me/results/bbbdc3c1-f927-4074-9e3d-b9407055455f/
SH256 hash:
fab8eaf3557edbe2f243fc01138cf5ed179d61c44d0bb931b59e4dbe71f142f4
MD5 hash:
3e828cdf1271a2ec7a6e2b2428cbed6d
SHA1 hash:
5e5619c638b786eb3a5cf8bd12368613e9734ff4
Link:
https://www.unpac.me/results/bbbdc3c1-f927-4074-9e3d-b9407055455f/
SH256 hash:
fab8eaf3557edbe2f243fc01138cf5ed179d61c44d0bb931b59e4dbe71f142f4
MD5 hash:
3e828cdf1271a2ec7a6e2b2428cbed6d
SHA1 hash:
5e5619c638b786eb3a5cf8bd12368613e9734ff4
Link:
https://www.unpac.me/results/bbbdc3c1-f927-4074-9e3d-b9407055455f/
SH256 hash:
62a951920a723b9d9004bd270667cbaf76e4ea6c5bd7609715732c9206f4901c
MD5 hash:
a67d18b78c825a030971f4fdaa9303f0
SHA1 hash:
47801ccdf5a6698f37d9d8284a7c3b89be75009c
Link:
https://www.unpac.me/results/bbbdc3c1-f927-4074-9e3d-b9407055455f/
SH256 hash:
933386c942e7235b87794930bf3e2681cd67009d27f8221a8c78ecf10b7b2e56
MD5 hash:
08affe27fc41e8c21db9dd5b1f0f6acd
SHA1 hash:
94e95aef6bb30d635b10488fd76d4c9f87763a05
Link:
https://www.unpac.me/results/bbbdc3c1-f927-4074-9e3d-b9407055455f/
SH256 hash:
e71f1265a402b770998efa468f1ac5a800a71346e5f269c485087dc09f11793d
MD5 hash:
ae968ca99db4f25183783ae2575af774
SHA1 hash:
60c631b9f13fb5fee4920ac47b2a1e9b8dea2d29
Link:
https://www.unpac.me/results/bbbdc3c1-f927-4074-9e3d-b9407055455f/
SH256 hash:
cc34ea5bc63427bf2fb40927df5bbcd1f0c3f850c8033c693cc6f8c483e31c29
MD5 hash:
4f2e94422d7e68f9249e20f56de6246b
SHA1 hash:
49567cb427008f0704125b1118fb8027ddd07893
Link:
https://www.unpac.me/results/bbbdc3c1-f927-4074-9e3d-b9407055455f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cc34ea5bc63427bf2fb40927df5bbcd1f0c3f850c8033c693cc6f8c483e31c29

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:meth_get_eip
Create hunting rule
Author:Willi Ballenthin

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe cc34ea5bc63427bf2fb40927df5bbcd1f0c3f850c8033c693cc6f8c483e31c29

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2274178/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/299561/

Comments