MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc46dcaf1c9f9be0e98058eb356f0a6f5a776d86770f313ad6a07d2a807f0020. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA 5 File information Comments

SHA256 hash:	cc46dcaf1c9f9be0e98058eb356f0a6f5a776d86770f313ad6a07d2a807f0020
SHA3-384 hash:	958e905a97d6893a31f520b5de35a2fd45e4a7d030913335b2e35b96b6da3f1137423a110dec0914c940ec5529916850
SHA1 hash:	ac8bfffedbbbef42960c0d9f23b86d9c37424f05
MD5 hash:	151218fec66bb600cd332836c08a1936
humanhash:	alabama-uncle-quebec-zebra
File name:	SecuriteInfo.com.Win32.CrypterX-gen.8271.2040
Download:	download sample
File size:	3'045'295 bytes
First seen:	2023-09-16 15:35:22 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	0ae9e38912ff6bd742a1b9e5c003576a (10 x DCRat, 7 x RedLineStealer, 4 x AsyncRAT)
ssdeep	49152:HdgokOEY+BOhUI32mKJH1o5MTepxfMoaWeX9RialiTWKI6dbTNvpm2quVAzHKlnN:HUHY+FrO/CWetRx6Plzm2LVAzqqa
Threatray	92 similar samples on MalwareBazaar
TLSH	T1C5E5230277D1C5B2C4631D365629FF51F628BE305F368ADBA384642DEE221C1B635BA3
TrID	89.0% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39) 3.5% (.EXE) Win64 Executable (generic) (10523/12/4) 2.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 1.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.5% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

262

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

SecuriteInfo.com.Win32.CrypterX-gen.8271.2040

Verdict:

Suspicious activity

Analysis date:

2023-09-16 15:38:18 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/32776172-d23e-42c0-8ae2-66fceaede35d

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/449052/

Detection(s):

SecuriteInfo.com.Win32.CrypterX-gen.8271.2040.UNOFFICIAL

Gathering data

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-vm greyware lolbin masquerade overlay packed packed regsvr32 regsvr32 replace setupapi shdocvw shell32 stealer

Link:

https://www.filescan.io/uploads/6505cb661edabd99829b9c7c/reports/7eb27584-c2cf-4dcb-ab3f-bdb72bae5387/overview

Verdict:

Malicious

Labled as:

Trojan.Uztuby

Link:

https://www.hybrid-analysis.com/sample/cc46dcaf1c9f9be0e98058eb356f0a6f5a776d86770f313ad6a07d2a807f0020

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/a63de732-e28c-4f05-becb-5ee8ebb57223

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/1309472

Signature

Antivirus detection for dropped file

Machine Learning detection for dropped file

Machine Learning detection for sample

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/cc46dcaf1c9f9be0e98058eb356f0a6f5a776d86770f313ad6a07d2a807f0020/

Threat name:

Win32.Trojan.Zenpak

Status:

Malicious

First seen:

2023-09-16 13:45:14 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

17 of 23 (73.91%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=zrdnzly4t6n6b2maldvtk3ykn5nho3mgo4htcowwub6svad7aaqa._file

Verdict:

malicious

308a98bc02cfedb4442f861ce17f746e367b2a794ddc90e56cedc9927f99b00a

54bbd40de4ec726d5a76d82a9ae961a72e5939b2c7aac5544f6ecfab4e0bf729

5dc2b20980fead6b5ae011a1fc8d9f7564193f01ce8881440acd2aee0426a06c

89abc14445a61a815bd5cd3c2e7e8971b6e4a51d00b3b861f2c0ca9bdd785ccb

a76e2528c8f137a894a670c34b820f4ee245584825568c7fff6708a57455d7d9

af680e8343ebc374210f71af4dd678a228b2b0d2bc875dc8f54e9730a490324d

bccd4c8104367f0d9f96167c71f5ec348f163ede23e31cb86cfde28e2d3132cf

c0ca3b7b303eb521724a9304137fc6a0c4b41b1f0af8c42da41275f17a880114

d92b5b079600e4b7db2b17374ce0f2e20e077a28f9275c5054b857de09377745

+ 82 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/230916-s1wv3sed39/

Behaviour

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Checks computer location settings

Loads dropped DLL

Unpacked files

SH256 hash:

b85528d1936afa79f7b430a19611798e7df9bc63aaa3ceb3c7ea0d1fc5cbee20

MD5 hash:

53336d4263faadfde5260ead6b10fb1a

SHA1 hash:

09e980b79e7696aec19e0c30834ce4fe71532576

Link:

https://www.unpac.me/results/41f99135-7fe9-4954-9c02-165110f528fd/

SH256 hash:

cc46dcaf1c9f9be0e98058eb356f0a6f5a776d86770f313ad6a07d2a807f0020

MD5 hash:

151218fec66bb600cd332836c08a1936

SHA1 hash:

ac8bfffedbbbef42960c0d9f23b86d9c37424f05

Link:

https://www.unpac.me/results/41f99135-7fe9-4954-9c02-165110f528fd/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/cc46dcaf1c9f9be0e98058eb356f0a6f5a776d86770f313ad6a07d2a807f0020

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	maldoc_find_kernel32_base_method_1 Create hunting rule
Author:	Didier Stevens (https://DidierStevens.com)

Rule name:	RIPEMD160_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for RIPEMD-160 constants

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	SHA1_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA1 constants

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/449052/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample