MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d2942eaaf4d2bffa753dd503f62e9e598d359f08169af966664b7d854e3b12c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CryptOne


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d2942eaaf4d2bffa753dd503f62e9e598d359f08169af966664b7d854e3b12c7
SHA3-384 hash: ef7be4f66d92ef7a6a8da1ac09bfd975e0d72104a99ad455bf713e9e161f2b869938293a09debab1cbc3fd6c34298027
SHA1 hash: c05653d41e2229b74ef6ed86af8bd180b416a4a4
MD5 hash: 03cbe45a920673f045543ca2edf6b194
humanhash: october-maine-eighteen-lake
File name:03cbe45a920673f045543ca2edf6b194.exe
Download: download sample
Signature CryptOne
Create hunting rule
File size:1'969'125 bytes
First seen:2023-07-12 06:07:30 UTC
Last seen:2023-07-12 06:43:25 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0e806fd55a4f41060c8e206a25d6875a (10 x CryptOne)
ssdeep 49152:W+Whq+BfJXAEEEZOExnvEIcAwOXZ5M7QwJYTmsjfc:W+Whq+BfKEZZOivE6vnM0wJYTmsjfc
Threatray 594 similar samples on MalwareBazaar
TLSH T17E95230373D485B2E6771E364B7563206A7DB8304F748A8BA3A1891EF921CC1D736B67
TrID 88.3% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
4.7% (.EXE) Win64 Executable (generic) (10523/12/4)
2.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
2.0% (.EXE) Win32 Executable (generic) (4505/5/1)
0.9% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon b3b3b371716b93b3 (25 x CryptOne, 12 x RemcosRAT, 6 x RedLineStealer)
Reporter abuse_ch
Tags:CryptOne exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
282
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
03cbe45a920673f045543ca2edf6b194.exe
Verdict:
Suspicious activity
Analysis date:
2023-07-12 06:18:56 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ae8c4868-127e-4d3d-817b-d8babab9f2a4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/416267/
Detection(s):
SecuriteInfo.com.Trojan.Uztuby.2.20512.1516.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Searching for the window
Сreating synchronization primitives
Searching for synchronization primitives
Creating a file in the %temp% directory
Launching a process
Sending a custom TCP request
Gathering data
Verdict:
Malicious
Labled as:
Trojan.Uztuby
Link:
https://www.hybrid-analysis.com/sample/d2942eaaf4d2bffa753dd503f62e9e598d359f08169af966664b7d854e3b12c7
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/fd8d7e81-886e-4cd5-86a4-0c4bb09b4d56
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1271436
Signature
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to detect sandboxes / dynamic malware analysis system (file name check)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1271436 Sample: SpNFcV8csX.exe Startdate: 12/07/2023 Architecture: WINDOWS Score: 68 24 Multi AV Scanner detection for dropped file 2->24 26 Multi AV Scanner detection for submitted file 2->26 28 Machine Learning detection for sample 2->28 30 Machine Learning detection for dropped file 2->30 9 SpNFcV8csX.exe 8 2->9         started        process3 file4 22 C:\Users\user\AppData\Local\Temp\FsPj.V, PE32 9->22 dropped 12 control.exe 1 9->12         started        process5 process6 14 rundll32.exe 12->14         started        signatures7 34 Tries to detect sandboxes / dynamic malware analysis system (file name check) 14->34 17 rundll32.exe 14->17         started        process8 process9 19 rundll32.exe 17->19         started        signatures10 32 Tries to detect sandboxes / dynamic malware analysis system (file name check) 19->32
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d2942eaaf4d2bffa753dd503f62e9e598d359f08169af966664b7d854e3b12c7/
Threat name:
Win32.Trojan.Fauppod
Create hunting rule
Status:
Malicious
First seen:
2023-07-11 13:00:59 UTC
File Type:
PE (Exe)
Extracted files:
18
AV detection:
15 of 23 (65.22%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2kkc5kxu2k77u5j52ub7mlu6lggtlhyic2npsztgjn6yktr3cldq._file
Verdict:
malicious
Similar samples:
0a0c50dbc5d0c9811bfd0552ddd075e0e1df2cf07049cc546e41f9bf08cb8290
CryptOne
2ca379c11ebd765c2ce3cfffaa06598e23a52ac5e78f9e757d4f6f77311d6c8d
CryptOne
4508befe4b8012035c52c7aaccbe89b9f75919bdcc86feb8fe79ae01fdea8179
CryptOne
5cf55c9824d5c162a1f18f76c5b146a5c703b0d234c984045ac5849026411792
CryptOne
6c51139a5f272db52f58adb10074de00bf1046033d0ae970b924499e0dc4390f
CryptOne
c4185edddd23b3eea055e7036122c20162dbe47b6b4bed05e471f01594256851
CryptOne
cf76ac64d1038d54fa178a67712a4916e021b6b381241b44c2ceed7428ba4692
CryptOne
db460c5aa2fac933fb349df4a547a31a78b5d5e39f0df6bca9746a50c45ad309
CryptOne
+ 584 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/230712-gvw34sdb3w/
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Loads dropped DLL
Unpacked files
SH256 hash:
f144d1849c440f0d74db27a45155f6dff46e487524e817b1761cdb1a254d03bf
MD5 hash:
84a1047bea53b50788e992c11212e0d6
SHA1 hash:
400354b8d2c8e6adb61f7dc4380bfd9aa9dc1486
Link:
https://www.unpac.me/results/27ec94a2-af9b-4643-ad24-dfed453bbb07/
SH256 hash:
d2942eaaf4d2bffa753dd503f62e9e598d359f08169af966664b7d854e3b12c7
MD5 hash:
03cbe45a920673f045543ca2edf6b194
SHA1 hash:
c05653d41e2229b74ef6ed86af8bd180b416a4a4
Link:
https://www.unpac.me/results/27ec94a2-af9b-4643-ad24-dfed453bbb07/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/416267/

Comments