MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d22671c40188ffbee05210cfaf8e6679d001a9004d62342456899ab39bf7a917. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	d22671c40188ffbee05210cfaf8e6679d001a9004d62342456899ab39bf7a917
SHA3-384 hash:	6f33f119eafd56aa9ae67e27af3e50d9762834f8ac2988c45a6655c54c356b3f066aef63a4db8a7b8feca175ba59c3fe
SHA1 hash:	bdc61d3b2bd44b100ca482103eac3d1c56a1315a
MD5 hash:	0f315b6196e7c41e649262d54aaa268d
humanhash:	michigan-georgia-five-ceiling
File name:	0f315b6196e7c41e649262d54aaa268d.exe
Download:	download sample
File size:	235'008 bytes
First seen:	2021-07-22 15:42:06 UTC
Last seen:	2021-07-22 16:52:04 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f8220ac65423f0267d42ab4cbda2e1d4 (2 x RaccoonStealer, 1 x CryptBot, 1 x DanaBot)
ssdeep	6144:JGGmEiK2X4EFkm+0+seSTLI/LHoLyXaZl:JGGdptQkT0CSTIzQym
Threatray	343 similar samples on MalwareBazaar
TLSH	T14E34D0203580D473C0531A7058E6CBA1FB6EBC225FB98A2B379926EF5F712C2567F245
dhash icon	08b9b2b0e8c18c90 (11 x RaccoonStealer, 3 x RedLineStealer, 2 x DanaBot)
Reporter	abuse_ch
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

101

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

23d06cb01b6fafde451493778bd4f0b0.exe

Verdict:

Malicious activity

Analysis date:

2021-07-22 15:46:26 UTC

Tags:

trojan stealer loader

Link:

https://app.any.run/tasks/a6469f37-f613-44da-a32f-fd03cc02ffde

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/173372/

Detection(s):

SecuriteInfo.com.W32.AIDetect.malware2.32413.30810.UNOFFICIAL

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

IntelRapid

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/1011e17c-6cbc-49da-87bb-a5a88a3233c4

Result

Threat name:

Clipboard Hijacker

Detection:

malicious

Classification:

spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/820258

Signature

Delayed program exit found

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Machine Learning detection for dropped file

Machine Learning detection for sample

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected Clipboard Hijacker

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d22671c40188ffbee05210cfaf8e6679d001a9004d62342456899ab39bf7a917/

Threat name:

Win32.Dropper.Scrop

Status:

Malicious

First seen:

2021-07-22 13:37:41 UTC

AV detection:

19 of 28 (67.86%)

Threat level:

3/5

Verdict:

unknown

4b21de4f5c03de8e7e85bbdc317bd1050ba7bce099c1ba1cafb949ccadff90a2

6e3bf07d961efc686017f48cf2f847072cb35699dc24e44287d9e01274814ad4

6f8ce60168331070f8ca906c9c5e4d53e22b9b72a57c6e0c65bf6f83979d310f

7525f2c1ccec025adb8f773ab10ecd9cee7bacec9949a7415ad239cec969bfb8

78917f8c2ce40501bb4bf955f14e9f96dea7aa003bc6d21611d6c771a7df6a16

834ccdd87931ab88f011372377befbafda51abccff557c7dd3e01682580716fb

e2627edaef3e465cadfb84b250bc0d47cef26af5d2334e5f49ab38d8f919b511

e5dae08e748e408a4a256bd0c5d216281596a20399ea0127ac35b1661248b3ea

f2a7cc00ce9933490e51df2d5df9e7b0b2165c73297a9fa8a99fbf51b85926b8

+ 333 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/210722-an7qtjx9qe/

Behaviour

Suspicious behavior: AddClipboardFormatListener

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Drops startup file

Loads dropped DLL

Executes dropped EXE

Unpacked files

SH256 hash:

cae2af36f866fed9753ecc423bf1cfb3d1b5f2c3179dddc1715d6c896812d669

MD5 hash:

0fcc3d7408dfb7b31d8e36982dab298c

SHA1 hash:

6ebe13e8565ab5cfc7f8eac8973c156531b2a1e2

Link:

https://www.unpac.me/results/a4b27abf-8464-442e-a9ee-c216a8fa7f42/

SH256 hash:

d22671c40188ffbee05210cfaf8e6679d001a9004d62342456899ab39bf7a917

MD5 hash:

0f315b6196e7c41e649262d54aaa268d

SHA1 hash:

bdc61d3b2bd44b100ca482103eac3d1c56a1315a

Link:

https://www.unpac.me/results/a4b27abf-8464-442e-a9ee-c216a8fa7f42/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/d22671c40188ffbee05210cfaf8e6679d001a9004d62342456899ab39bf7a917

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe d22671c40188ffbee05210cfaf8e6679d001a9004d62342456899ab39bf7a917

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1472789/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/173372/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample