MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cee393c9905158fa8ef02e7eb0d31e23a6636d3e294b39bbc7a383ff7d3b3d01. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cee393c9905158fa8ef02e7eb0d31e23a6636d3e294b39bbc7a383ff7d3b3d01
SHA3-384 hash: 6c76daf59b41af76fb274dd775b4a9acfa448c31b2c75aed506975a302eb6643718cba6ec07fea0bd7a486cf8c0824b7
SHA1 hash: c1e4bfdfba3f54e71482907137b90144ed7636be
MD5 hash: feec8f179a3ce01660b5b2dcc2ad71eb
humanhash: berlin-kentucky-lamp-illinois
File name:feec8f179a3ce01660b5b2dcc2ad71eb
Download: download sample
File size:1'499'136 bytes
First seen:2022-08-23 11:59:50 UTC
Last seen:2022-08-23 12:45:18 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash dd865162cc64966a29e130ee64b6e22a
ssdeep 12288:K6N+MT8KLApX5jy6AShqTbby1Z7vaeAq5JS/t0N6GD:K6zgoApJjy6AShqGm482
Threatray 2 similar samples on MalwareBazaar
TLSH T17565389D33E8BB3EE01AD3BC5124AD1D919CFDB1A1C584CDE7007B9935F86829B24987
TrID 75.8% (.EXE) Win32 Executable Microsoft Visual Basic 6 (82067/2/8)
9.7% (.EXE) Win64 Executable (generic) (10523/12/4)
4.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
4.1% (.EXE) Win32 Executable (generic) (4505/5/1)
1.8% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 1003873d31213f10 (142 x DarkCloud, 132 x GuLoader, 35 x a310Logger)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
253
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
feec8f179a3ce01660b5b2dcc2ad71eb
Verdict:
Suspicious activity
Analysis date:
2022-08-23 12:10:48 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/62c07b86-e95d-4a3f-841a-b09afdc1905e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/300507/
Detection(s):
SecuriteInfo.com.Variant.Banker.17.21220.17228.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a window
Unauthorized injection to a recently created process
Searching for synchronization primitives
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/6304c1cec7e5977f84e5dd8e/reports/035c88ef-8554-47a0-8cba-0f9b2fe7f84f/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/4fcdd290-8611-4f2f-944c-67dded438074
Result
Threat name:
Unknown
Detection:
malicious
Classification:
rans.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/1056209
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to detect sleep reduction / modifications
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Potential malicious icon found
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cee393c9905158fa8ef02e7eb0d31e23a6636d3e294b39bbc7a383ff7d3b3d01/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-08-22 19:41:33 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
22 of 40 (55.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=z3rzhsmqkfmpvdxqfz7lbuy6eotgg3j6ffftto6huob767j3huaq._file
Verdict:
malicious
Similar samples:
523bf45e4e7511b39fc1b016741a8f34f7356e7786ea6078c7b96024dd1ba4e4
c3eda05cc7329666850fa4f4139c74fc7af1c512644293b8230b3fd593baf6ec
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/220823-n6b1msecgn/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Enumerates connected drives
Unpacked files
SH256 hash:
ac21feb1adb540beffd570016d918c71345a3a91b299056205f8135996fa1482
MD5 hash:
3593a29b60119c8e2b4a7a500d596539
SHA1 hash:
cb29e6500d3e68091da548eab5cea0cad2715054
Link:
https://www.unpac.me/results/382a8b73-c23f-4d7b-b14e-d80c0a8e9b46/
SH256 hash:
cee393c9905158fa8ef02e7eb0d31e23a6636d3e294b39bbc7a383ff7d3b3d01
MD5 hash:
feec8f179a3ce01660b5b2dcc2ad71eb
SHA1 hash:
c1e4bfdfba3f54e71482907137b90144ed7636be
Link:
https://www.unpac.me/results/382a8b73-c23f-4d7b-b14e-d80c0a8e9b46/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.44
Link:
https://yomi.yoroi.company/submissions/cee393c9905158fa8ef02e7eb0d31e23a6636d3e294b39bbc7a383ff7d3b3d01

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe cee393c9905158fa8ef02e7eb0d31e23a6636d3e294b39bbc7a383ff7d3b3d01

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2275973/
Cape
Cape
https://www.capesandbox.com/analysis/300507/

Comments


Avatar
zbet commented on 2022-08-23 12:00:00 UTC

url : hxxp://37.139.129.142/htdocs/yADKJroBNGsMJLc.exe