MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d1f832dc7b20055b7ac1f2b31e7127654eb70dcb5249ec8aa1180150efc16321. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CryptOne


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d1f832dc7b20055b7ac1f2b31e7127654eb70dcb5249ec8aa1180150efc16321
SHA3-384 hash: 5eec4c1dbe45194833187471329afb965ea26bb70a235affe57f690d0f3c7b922b89f29187bdbaa6a6800df0fada6ddb
SHA1 hash: f945331ba98379848e9fcc4fbb1f591391edf028
MD5 hash: c22b20974498e9db3dfbd94ac5375058
humanhash: seven-sweet-fanta-mars
File name:c22b20974498e9db3dfbd94ac5375058.exe
Download: download sample
Signature CryptOne
Create hunting rule
File size:1'790'575 bytes
First seen:2023-07-24 15:23:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0e806fd55a4f41060c8e206a25d6875a (10 x CryptOne)
ssdeep 49152:2fWhNaBfJXAE3JnOnpiMI30hLWgF2b9s3JDlQUp:2fWhNaBfKEFOnpiMy0hLn0GZmUp
Threatray 577 similar samples on MalwareBazaar
TLSH T13285230336C544B2C1635E321FA5AB31A57DB9704F54CACF53C1AC9EED60AC1AB31BA6
TrID 88.3% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
4.7% (.EXE) Win64 Executable (generic) (10523/12/4)
2.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
2.0% (.EXE) Win32 Executable (generic) (4505/5/1)
0.9% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon b3b3b371716b93b3 (25 x CryptOne, 12 x RemcosRAT, 6 x RedLineStealer)
Reporter abuse_ch
Tags:CryptOne exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
287
Origin country :
NL NL
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/431240/
Detection(s):
SecuriteInfo.com.Trojan.Uztuby.4.18662.10583.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Searching for the window
Сreating synchronization primitives
Searching for synchronization primitives
Creating a file in the %temp% directory
Launching a process
Sending a custom TCP request
Gathering data
Verdict:
Malicious
Labled as:
Trojan.Uztuby
Link:
https://www.hybrid-analysis.com/sample/d1f832dc7b20055b7ac1f2b31e7127654eb70dcb5249ec8aa1180150efc16321
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/0a514dda-0212-4f6d-9b86-7ac4151d6810
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1278647
Signature
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1278647 Sample: 8ciSuD1SsM.exe Startdate: 24/07/2023 Architecture: WINDOWS Score: 64 25 Multi AV Scanner detection for dropped file 2->25 27 Multi AV Scanner detection for submitted file 2->27 29 Machine Learning detection for sample 2->29 31 Machine Learning detection for dropped file 2->31 9 8ciSuD1SsM.exe 3 8 2->9         started        process3 file4 21 C:\Users\user\AppData\Local\Temp\V09O9J.cpl, PE32 9->21 dropped 12 control.exe 1 9->12         started        process5 dnsIp6 23 192.168.2.1 unknown unknown 12->23 15 rundll32.exe 12->15         started        process7 process8 17 rundll32.exe 15->17         started        process9 19 rundll32.exe 17->19         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d1f832dc7b20055b7ac1f2b31e7127654eb70dcb5249ec8aa1180150efc16321/
Threat name:
Win32.Trojan.Zusy
Create hunting rule
Status:
Malicious
First seen:
2023-07-24 12:43:06 UTC
File Type:
PE (Exe)
Extracted files:
18
AV detection:
16 of 24 (66.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2h4dfxd3eacvw6wb6kzr44jhmvhlodolkje6zcvbdaavb36bmmqq._file
Verdict:
malicious
Label(s):
dridex
Create hunting rule
Similar samples:
0a0c50dbc5d0c9811bfd0552ddd075e0e1df2cf07049cc546e41f9bf08cb8290
CryptOne
2ca379c11ebd765c2ce3cfffaa06598e23a52ac5e78f9e757d4f6f77311d6c8d
CryptOne
4508befe4b8012035c52c7aaccbe89b9f75919bdcc86feb8fe79ae01fdea8179
CryptOne
57962d6e4dea092778ca4b98d68ee62d11a8cfa88fd7fd7b89cb97fba2193355
CryptOne
c4185edddd23b3eea055e7036122c20162dbe47b6b4bed05e471f01594256851
CryptOne
cf76ac64d1038d54fa178a67712a4916e021b6b381241b44c2ceed7428ba4692
CryptOne
db460c5aa2fac933fb349df4a547a31a78b5d5e39f0df6bca9746a50c45ad309
CryptOne
e957d3e1de2f0f5527a2736c4ee40d50686d9ca4e00b1d1c4ed955f38f1c3078
CryptOne
f98b508204277a79f6eafac8ffde71c4e2fa6a760ff7edba567bd2f970aafeaa
CryptOne
+ 567 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/230724-ss15tsfd2z/
Behaviour
Modifies registry class
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Loads dropped DLL
Unpacked files
SH256 hash:
f65f5fc313452853a7cee0ce3809dd68b7b12732f1ebe1a571a433284946e715
MD5 hash:
f3ad951679009ad3b4fc6ecf52c45865
SHA1 hash:
aeb3f826ec5d05e7ec97b4709877375580d0ff8e
Link:
https://www.unpac.me/results/10c2a815-b666-4547-8232-0a1d906dbd7a/
SH256 hash:
d1f832dc7b20055b7ac1f2b31e7127654eb70dcb5249ec8aa1180150efc16321
MD5 hash:
c22b20974498e9db3dfbd94ac5375058
SHA1 hash:
f945331ba98379848e9fcc4fbb1f591391edf028
Link:
https://www.unpac.me/results/10c2a815-b666-4547-8232-0a1d906dbd7a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d1f832dc7b20055b7ac1f2b31e7127654eb70dcb5249ec8aa1180150efc16321

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CryptOne

Executable exe d1f832dc7b20055b7ac1f2b31e7127654eb70dcb5249ec8aa1180150efc16321

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2685099/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/431240/

Comments