MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d3692d3823bd5e165d88e97bb2c2673489ff76fb873bb28543a2f233c9fe4ff9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d3692d3823bd5e165d88e97bb2c2673489ff76fb873bb28543a2f233c9fe4ff9
SHA3-384 hash: Calculating hash
SHA1 hash: Calculating hash
MD5 hash: e40e748a063686a13f3df81182453bbc
humanhash: Calculating hash
File name:e40e748a063686a13f3df81182453bbc
Download: download sample
File size:1'105'408 bytes
First seen:2022-03-26 23:15:47 UTC
Last seen:2022-03-27 00:27:25 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash Calculating imphash
ssdeep Calculating ssdeep hash
Threatray 1'330 similar samples on MalwareBazaar
TLSH Calculating TLSH
telfhash Calculating telfhash
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
228
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/258099/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware1.32566.19790.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Creating a window
Launching a process
DNS request
Unauthorized injection to a system process
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/11554/overview
Behaviour
MeasuringTime
SystemUptime
EvasionGetTickCount
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
azorult greyware packed
Link:
https://www.filescan.io/uploads/623f9ec81f20423948358394/reports/f0d8aa76-7fdc-4769-8c1b-82e8c67b50cf/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
DanaBot
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/daddffe4-0c22-4ce2-9cb4-6087fe590eb6
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/965160
Signature
Antivirus detection for URL or domain
Machine Learning detection for sample
May use the Tor software to hide its network traffic
Multi AV Scanner detection for submitted file
Overwrites code with function prologues
Sigma detected: Suspicious Call by Ordinal
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Download SVG
Gathering data
Gathering data
Verdict:
malicious
Similar samples:
157757f5065076824ea142b1e3910b51326149a0a457f986cc4270b5fec1d319
2f43972540a6cae0eb4e50d142860bdc278b44b9b4606747c58e19383efa82f5
97a1dadc6e1ccaa807240649c63f175169b0badaf65be530e98ad7790d69fc1e
a71159cffa18ebb762f121760decde078c80061237c1f7bd3928787c258fba4f
c72aa9c4df96e6768a8a1db299a8e787ac729faa40c536fa4344f82d4670a947
c7a4fad10ef66516e492ab30d600be219ea259c4f0a42a3f664ae7b3cd94e2b7
d5faba20007266314cf176b9e49ccbc35c3fd2b0982fcd73f7b5794539b42e89
e1511e934906072c0717e68c0a05b04c61846f7ad15ce323b61f854a24c86b15
+ 1'320 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
suricata
Link:
https://tria.ge/reports/220326-29a5eaeghl/
Behaviour
Checks processor information in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Suspicious use of SetThreadContext
Blocklisted process makes network request
suricata: ET MALWARE Danabot Key Exchange Request
Unpacked files
SH256 hash:
3c1ed5edfb28b3903590cd3e483099c333cdef6167cd5d826b0ae95369c44363
MD5 hash:
0c0da8194085ef7dcb2a712861d38be9
SHA1 hash:
6b914b4079d21ef6e9b4e56e491506dc2f4d8987
Link:
https://www.unpac.me/results/9225797a-564f-414a-b239-982abcbb81b3/
SH256 hash:
d3692d3823bd5e165d88e97bb2c2673489ff76fb873bb28543a2f233c9fe4ff9
MD5 hash:
e40e748a063686a13f3df81182453bbc
SHA1 hash:
7ad4ed4d27d166fcee303c38d0aeaa684e795909
Link:
https://www.unpac.me/results/9225797a-564f-414a-b239-982abcbb81b3/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/d3692d3823bd/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe d3692d3823bd5e165d88e97bb2c2673489ff76fb873bb28543a2f233c9fe4ff9

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2115813/
Cape
Cape
https://www.capesandbox.com/analysis/258099/

Comments


Avatar
zbet commented on 2022-03-26 23:15:49 UTC

url : hxxp://23.106.123.56/root.exe