MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cca3580005fea3f7e2b73fa7160826aa8c6d9e9be2fca3237d3c52752e0e67b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cca3580005fea3f7e2b73fa7160826aa8c6d9e9be2fca3237d3c52752e0e67b3
SHA3-384 hash: c63aca5a6d608fc2dd10e328272811baf139aa7e23f903e58395f9edc41a96f41ea410da978edad01a26bb1258ce4653
SHA1 hash: d4e048308577fc202d5dd1ce2ce8f571e0dfef18
MD5 hash: db74fc905e06765cdcbddbb88fbaa5c3
humanhash: neptune-hotel-lion-montana
File name:db74fc905e06765cdcbddbb88fbaa5c3.exe
Download: download sample
File size:312'320 bytes
First seen:2021-05-10 07:34:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7c516f0005b0469896f265e0367d8622
ssdeep 6144:oQppG3w4v5aSxdekxSo3Pjf+dDyldRUNeV2E3Mk:oQu3w4ckxSkb+d3NeV2s
Threatray 989 similar samples on MalwareBazaar
TLSH 69649D2176E0E032DCA2153A4925C7F88E7BB436AA2585CF7FD41A79DF247D1B63130A
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
101
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/153813/
Detection(s):
Win.Malware.Generic-9860053-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %AppData% subdirectories
Launching a process
Sending a UDP request
Creating a process from a recently created file
Enabling autorun by creating a file
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/777329
Signature
Contains functionality to compare user and computer (likely to detect sandboxes)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Uses schtasks.exe or at.exe to add and modify task schedules
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cca3580005fea3f7e2b73fa7160826aa8c6d9e9be2fca3237d3c52752e0e67b3/
Threat name:
Win32.Dropper.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-05-10 07:36:17 UTC
AV detection:
16 of 46 (34.78%)
Threat level:
  3/5
Verdict:
suspicious
Similar samples:
0308f82062ffbdf951014014f02f46e09d8dc6eb1e8a90e364cec138ba165b98
0acde2ca52d8d5a8999f26b4ce04b42b48e10475ac2af7c7f593d9f5432232d2
313c10bb9543e370b3017177671899b850975eef576f643ca6648ecef512e114
4b868fc964243c1a814a6169489b060f4fcf5a47e0fe8e2a6f664c5c3f4aa95d
56afcf5ad421c5d9640cf2269c46cbbdc72f1161a08e32aa9eae41071d785edd
81d9143600e38e058a53b635574f2b8e64f5cb69c0832497ce13b98a26f0293f
98bf20a283219c4cc786234b7d389766fddbe3b095d13c9109f5406128e83103
b9850fb251862929fb23f494fc125ee143db76a09ac62d5d6ff80f83b417dd58
d337cba627486e1f99e4a96407591609d888c6656a4010b88047e7cd1ab19482
e90c8886bc7723eed8cbb99ed4ccaabbd76013cc203e8369de5e0f3e9b314beb
+ 979 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210510-jdbnklvxha/
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Executes dropped EXE
Unpacked files
SH256 hash:
307299427b8c80155c9afefeb886081c134b95b689a32aaeb6ac5e7c30118f08
MD5 hash:
0bd7f77e9c95c4ed8acc4a6be9b4a516
SHA1 hash:
2e20ab32090ba4e846a533b5ded2e894f42b664a
Link:
https://www.unpac.me/results/5db481d7-25c7-4212-96c3-3a6d85d38758/
SH256 hash:
cca3580005fea3f7e2b73fa7160826aa8c6d9e9be2fca3237d3c52752e0e67b3
MD5 hash:
db74fc905e06765cdcbddbb88fbaa5c3
SHA1 hash:
d4e048308577fc202d5dd1ce2ce8f571e0dfef18
Link:
https://www.unpac.me/results/5db481d7-25c7-4212-96c3-3a6d85d38758/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cca3580005fea3f7e2b73fa7160826aa8c6d9e9be2fca3237d3c52752e0e67b3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe cca3580005fea3f7e2b73fa7160826aa8c6d9e9be2fca3237d3c52752e0e67b3

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/153813/
  
URLhaus
https://urlhaus.abuse.ch/url/1212332/
  
Delivery method
Distributed via web download

Comments


Avatar
a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-05-10 08:11:30 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [C0027.009] Cryptography Micro-objective::RC4::Encrypt Data
1) [C0021.004] Cryptography Micro-objective::RC4 PRGA::Generate Pseudo-random Sequence
2) [C0049] File System Micro-objective::Get File Attributes
3) [C0051] File System Micro-objective::Read File
4) [C0050] File System Micro-objective::Set File Attributes
5) [C0052] File System Micro-objective::Writes File
6) [C0033] Operating System Micro-objective::Console
7) [C0034.001] Operating System Micro-objective::Set Variable::Environment Variable
8) [C0040] Process Micro-objective::Allocate Thread Local Storage
9) [C0041] Process Micro-objective::Set Thread Local Storage Value
10) [C0018] Process Micro-objective::Terminate Process
11) [C0039] Process Micro-objective::Terminate Thread