MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cd4c5bcf210986932cb1c441b7a00b2dfa08c40fc5db27fdb84f03b945af5a84. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cd4c5bcf210986932cb1c441b7a00b2dfa08c40fc5db27fdb84f03b945af5a84
SHA3-384 hash: b49bf7719fac6b97b1587372f04107b760a884410478df8d56f4023c34cdeaf2a8dd9f2396caade6a310f353b8830634
SHA1 hash: 6e907c3fe8b98840eb95de0c994dc15d035c4461
MD5 hash: 743e501b231f0f5c0f844230e94bd694
humanhash: cola-cold-yellow-lima
File name:743e501b231f0f5c0f844230e94bd694
Download: download sample
File size:82'944 bytes
First seen:2021-10-01 14:44:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d59a4a699610169663a929d37c90be43 (75 x DCRat, 22 x njrat, 15 x SalatStealer)
ssdeep 768:RBKTDfrNJ0e2jLBrzJegUSwB3/+QyXTJUZbpEh5qMB3+w66Xb7Q:RBqDTNaTfBrzJPUK5UOqMBjFfQ
Threatray 56 similar samples on MalwareBazaar
TLSH T1D0836B4BF212BCF3D63191B449A9923977E62F107F22FA3AEF85776C5833049553A112
File icon (PE):PE icon
dhash icon 10d0c4c8ccccd010 (8 x AgentTesla, 1 x OskiStealer, 1 x AveMariaRAT)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
111
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
743e501b231f0f5c0f844230e94bd694
Verdict:
Malicious activity
Analysis date:
2021-10-01 17:45:59 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/077f31d7-1c60-4bd5-88bf-01eb789ff1d0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/194020/
Detection(s):
Win.Keylogger.Clipbanker-9883266-0
Create hunting rule

Win.Keylogger.Clipbanker-9883267-0
Create hunting rule

Win.Trojan.Injector-6297685-1
Create hunting rule

Win.Trojan.Agent-345883
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Launching a process
Creating a window
Creating a process from a recently created file
Running batch commands
Creating a process with a hidden window
Malware family:
KeyBase
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/91140489-c00e-4d16-9507-883bf602ec1c
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/862768
Signature
Antivirus / Scanner detection for submitted sample
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Uses schtasks.exe or at.exe to add and modify task schedules
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 495196 Sample: Htk4FIFMCM Startdate: 01/10/2021 Architecture: WINDOWS Score: 80 42 Antivirus / Scanner detection for submitted sample 2->42 44 Multi AV Scanner detection for dropped file 2->44 46 Icon mismatch, binary includes an icon from a different legit application in order to fool users 2->46 48 2 other signatures 2->48 8 Htk4FIFMCM.exe 9 3 2->8         started        11 service.exe 1 2->11         started        process3 file4 34 C:\Users\user\...\clipperalejandro.exe, PE32 8->34 dropped 14 clipperalejandro.exe 2 8->14         started        18 WINWORD.EXE 32 30 8->18         started        36 C:\Windows\SysWOW64\TEMP\service.exe (copy), PE32 11->36 dropped 52 Multi AV Scanner detection for dropped file 11->52 21 cmd.exe 1 11->21         started        signatures5 process6 dnsIp7 38 C:\Users\user\AppData\Local\...\service.exe, PE32 14->38 dropped 54 Multi AV Scanner detection for dropped file 14->54 23 cmd.exe 1 14->23         started        40 192.168.2.1 unknown unknown 18->40 26 conhost.exe 21->26         started        28 schtasks.exe 1 21->28         started        file8 signatures9 process10 signatures11 50 Uses schtasks.exe or at.exe to add and modify task schedules 23->50 30 conhost.exe 23->30         started        32 schtasks.exe 1 23->32         started        process12
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cd4c5bcf210986932cb1c441b7a00b2dfa08c40fc5db27fdb84f03b945af5a84/
Threat name:
Win32.Trojan.Dorv
Create hunting rule
Status:
Malicious
First seen:
2021-09-30 04:47:36 UTC
AV detection:
41 of 45 (91.11%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
02cc17250b31fad5f305a6336430bc862392b79384acf7523178bb2178c422ce
10a5bbeeb39216bde492a246b1b003bcb2d7c0895dea287b5f8ad4f3428ef3cc
293e9d691076d1b23090f9df8a3605b61448dc83126990cbde71ff97563bbc1a
3b17e1d94b70f6d8fc6b56071259a9affacc235a92d7a772b27ddd0c01783d4a
4322b25b29f160a08e809764a5dd86deda2289623331867004f85a905ce47769
53d8f435075a3f419aff2ea631201f02d682a2ed92fc3bbb265faac63c5cbbdc
5a365cea38015694af35724920fdc42f98d84e93586d18ad7a1fe83d1687366b
7a95c10e5a3917541991a52cf49418b3bab58602a12bf702e85c24bf108c7e7c
f303ccc5cdf05114cedee459d0f66bf3b428e19054e2e3f1f001d945332ab6c0
fecbd8f95e06216e7c1ba26d4f9e9cfa33d717c56667cb2834a6493b9b53b347
+ 46 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/211001-r4rj4acacm/
Behaviour
Checks processor information in registry
Creates scheduled task(s)
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Office loads VBA resources, possible macro or embedded object present
Enumerates physical storage devices
Drops file in Windows directory
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
f907988f7277dc2dd139defed7aad8720657169a46e7537dfae934f5befdc8aa
MD5 hash:
4a8cd8ed133bb548c6f8bbab3d406030
SHA1 hash:
03520722d97150c8653b9bd8a114127283ce0037
Link:
https://www.unpac.me/results/b55a0c05-5510-4dae-be8d-eed938e063aa/
SH256 hash:
cd4c5bcf210986932cb1c441b7a00b2dfa08c40fc5db27fdb84f03b945af5a84
MD5 hash:
743e501b231f0f5c0f844230e94bd694
SHA1 hash:
6e907c3fe8b98840eb95de0c994dc15d035c4461
Link:
https://www.unpac.me/results/b55a0c05-5510-4dae-be8d-eed938e063aa/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cd4c5bcf210986932cb1c441b7a00b2dfa08c40fc5db27fdb84f03b945af5a84

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe cd4c5bcf210986932cb1c441b7a00b2dfa08c40fc5db27fdb84f03b945af5a84

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/194020/
  
URLhaus
https://urlhaus.abuse.ch/url/1650472/

Comments


Avatar
zbet commented on 2021-10-01 14:44:59 UTC

url : hxxp://176.31.32.199/111t.exe