MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cf079851e9a6655cd8cbcc53142b96e7b3b02b57cce859023bde447a1c01fc76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cf079851e9a6655cd8cbcc53142b96e7b3b02b57cce859023bde447a1c01fc76
SHA3-384 hash: 05634d3cfea3f9b6c3556a5a00124f2a43fe0292654d0284b3bbde566168bd63f821f98c0802d6ca8fa7be49792ea1db
SHA1 hash: 7371d47e2d3b406fb7e333eba042cc94a01ed818
MD5 hash: baf15279ad83101726972879ee900873
humanhash: lemon-seven-ack-four
File name:baf15279ad83101726972879ee900873.exe
Download: download sample
File size:327'680 bytes
First seen:2023-10-17 10:51:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8c347d587a6b42414b9cc837958b02c5 (20 x RedLineStealer, 3 x Amadey, 2 x Formbook)
ssdeep 6144:7+K3l99cV4EvoDQYWhYmh+oP7XavubpF/1hcNQdqxnd:yK199lqWmHPDavipF/1qN8qxnd
Threatray 447 similar samples on MalwareBazaar
TLSH T19664BE83B8E4D030EA79C43145417A21DA3DE7272F24AF53465F4BF31B64BD28A65CBA
TrID 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
310
Origin country :
NL NL
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/455282/
Detection(s):
Win.Trojan.Pwsx-10011340-0
Create hunting rule

Win.Trojan.Trojanx-10011459-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
Gathering data
Verdict:
Likely Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
control greyware lolbin mokes
Link:
https://www.filescan.io/uploads/652e6753422e14c65a912c55/reports/3f0720ca-a97f-4089-b1d9-3e7489553120/overview
Verdict:
Malicious
Labled as:
Zusy.Generic
Link:
https://www.hybrid-analysis.com/sample/cf079851e9a6655cd8cbcc53142b96e7b3b02b57cce859023bde447a1c01fc76
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/a7b6db01-e37e-4b91-aff8-747f4d7e11c3
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/1327200
Signature
Allocates memory in foreign processes
Antivirus detection for URL or domain
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/cf079851e9a6655cd8cbcc53142b96e7b3b02b57cce859023bde447a1c01fc76
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cf079851e9a6655cd8cbcc53142b96e7b3b02b57cce859023bde447a1c01fc76/
Threat name:
Win32.Trojan.RedLine
Create hunting rule
Status:
Malicious
First seen:
2023-10-17 01:24:53 UTC
File Type:
PE (Exe)
AV detection:
20 of 23 (86.96%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=z4dzqupjuzsvzwglzrjrik4w46z3ak2xztufsar33zchuhab7r3a._file
Verdict:
malicious
Similar samples:
1e346cbc6f167146aeedc8402c1289dbef63c90d853a74c0ca45dcec7695d054
415109a24046048bc1d74abd2945c1476d4c8c308148a8c2f99e27acfe8b97df
43700603e556ac1aa114a795ae011c87ce432b27f53219c9f3ace8e96eafebc0
5118e477923a5fc34de07ddc0d204a3bfbc20580cdbb94a034620a7d1d3b2310
5266391e5f6b2e116ca5ad77381cd5f469cc6c7a2f0a09ee71cf612f1667209d
8d8e53d7e6b78493b1abf7fb862715071a6f0226a6d80e8d45159db576d1922a
8ffb7be41e2bf10c6a02278c18c6e6774515546def735345897347cde15c9f31
d173b56cc37d26af7e2990037313a11d3811d90e4386ce2a957aef74840286f5
d2a086b5dae7e9da84b9aad1a5394de531a75e1246daf2fdad7710479a7bbec4
fa2c5bfc2586c71cc1822bd5d4a4ea7ee70d4a2815cf4ca7e1eb15b8104c18eb
+ 437 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/231017-mydzlach69/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
5c59db3277aefb761d4b814aaf5f5acd1fd1a0ea154dc565c78b082a3df4566e
MD5 hash:
53e28e07671d832a65fbfe3aa38b6678
SHA1 hash:
6f9ea0ed8109030511c2c09c848f66bd0d16d1e1
Link:
https://www.unpac.me/results/ade7003a-5422-4167-bc3a-e54a02debf65/
SH256 hash:
cf079851e9a6655cd8cbcc53142b96e7b3b02b57cce859023bde447a1c01fc76
MD5 hash:
baf15279ad83101726972879ee900873
SHA1 hash:
7371d47e2d3b406fb7e333eba042cc94a01ed818
Link:
https://www.unpac.me/results/ade7003a-5422-4167-bc3a-e54a02debf65/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cf079851e9a6655cd8cbcc53142b96e7b3b02b57cce859023bde447a1c01fc76

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:cobalt_strike_tmp01925d3f
Create hunting rule
Author:The DFIR Report
Description:files - file ~tmp01925d3f.exe
Reference:https://thedfirreport.com
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:maldoc_find_kernel32_base_method_1
Create hunting rule
Author:Didier Stevens (https://DidierStevens.com)
Rule name:NET
Create hunting rule
Author:malware-lu

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe cf079851e9a6655cd8cbcc53142b96e7b3b02b57cce859023bde447a1c01fc76

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2719349/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/455282/

Comments