MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d81975e6928bab57ee1e4aec83dc6e87e19fb2155ad92e21c36fe48dfa79d641. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d81975e6928bab57ee1e4aec83dc6e87e19fb2155ad92e21c36fe48dfa79d641
SHA3-384 hash: 984517cc659e16c6c0ab1389ece21f6feb484dd57e2a7deda6a6bbfb1aa56b5966fdaf26601754ac61e60ba3a98afc68
SHA1 hash: eb427b4c99e7eaa6c707d6ff6895b510690dc6a4
MD5 hash: 1c51405e588a5b2ffef997bf2d2e60a0
humanhash: quiet-timing-golf-speaker
File name:6zfAiYDq3alfpMjByDJSwPCR.bin
Download: download sample
File size:1'902'747 bytes
First seen:2023-07-19 03:33:45 UTC
Last seen:2023-07-19 03:37:12 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash aac51396886833dc961fcd7aab7711e4 (11 x NetSupport, 7 x DCRat, 4 x njrat)
ssdeep 49152:zeweFLpaQ9xvcJO3bRtYtY0a7CEZnCYUc:zneFhWauY0S9Ce
Threatray 603 similar samples on MalwareBazaar
TLSH T12E95230179C08AF1E02634735F261F60D57DBC206F66CAEB3394192ECE664D15B36BAE
TrID 91.0% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39)
3.6% (.EXE) Win64 Executable (generic) (10523/12/4)
1.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.5% (.EXE) Win32 Executable (generic) (4505/5/1)
0.6% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter JAMESWT_WT
Tags:exe FruitMiX

Intelligence

File Origin
# of uploads :
2
# of downloads :
266
Origin country :
IT IT
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
6zfAiYDq3alfpMjByDJSwPCR.bin
Verdict:
Suspicious activity
Analysis date:
2023-07-19 03:40:01 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/b5ba6f64-8322-4f2c-95b2-0b736f86932e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/424416/
Detection(s):
Win.Malware.Uztuby-9979905-0
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-vm greyware lolbin masquerade overlay packed packed replace setupapi shdocvw shell32
Link:
https://www.filescan.io/uploads/64b759af46e64860de105b97/reports/4e401b0f-0fde-4e4a-9af1-d86913fa5af4/overview
Verdict:
Malicious
Labled as:
Trojan.Ciusky.Generic
Link:
https://www.hybrid-analysis.com/sample/d81975e6928bab57ee1e4aec83dc6e87e19fb2155ad92e21c36fe48dfa79d641
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/5a891f18-5fc3-412e-bb45-5c5f51d049fe
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1275600
Signature
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes / dynamic malware analysis system (file name check)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1275600 Sample: 6zfAiYDq3alfpMjByDJSwPCR.bin.exe Startdate: 19/07/2023 Architecture: WINDOWS Score: 60 24 Multi AV Scanner detection for submitted file 2->24 26 Machine Learning detection for sample 2->26 28 Machine Learning detection for dropped file 2->28 9 6zfAiYDq3alfpMjByDJSwPCR.bin.exe 3 8 2->9         started        process3 file4 22 C:\Users\user\AppData\Local\...\LjtdWS~o.cpl, PE32 9->22 dropped 12 control.exe 1 9->12         started        process5 process6 14 rundll32.exe 12->14         started        signatures7 32 Tries to detect sandboxes / dynamic malware analysis system (file name check) 14->32 17 rundll32.exe 14->17         started        process8 process9 19 rundll32.exe 17->19         started        signatures10 30 Tries to detect sandboxes / dynamic malware analysis system (file name check) 19->30
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d81975e6928bab57ee1e4aec83dc6e87e19fb2155ad92e21c36fe48dfa79d641/
Threat name:
Win32.Trojan.Ciusky
Create hunting rule
Status:
Malicious
First seen:
2023-07-19 03:29:12 UTC
File Type:
PE (Exe)
Extracted files:
18
AV detection:
14 of 38 (36.84%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3amxlzusrovvp3q6jlwihxdoq7qz7mqvllms4iodn7si36tz2zaq._file
Verdict:
malicious
Similar samples:
2742148f16a138218cc03322bfdc622361f424c767de16badec3f569450d738c
38e48e1967243e151457e75a0b17b04d65a840308d68cf116da52c2fa944f330
43d1c7d70506db33b4db5a3f27582e1f1493b69b6d2493756c88f550529ca969
5b7d0ba935c00115f524c0eb840e29dd45c212c6fd647c8cec8a89598f4b2090
6c51139a5f272db52f58adb10074de00bf1046033d0ae970b924499e0dc4390f
6fa95e4e25eb2cf60595af08ca20573f260e87b40a8202bbcfeb439634f0aeb6
811566c02b85bfff2c60105b3638aa7a7d906658c1fc1fd0e2f5112dfcb492be
8bd89781eaebac4530248445e3e08a075853b1a798ed99b8df575980a2eab909
a4428ea2a84c197502595fa85062995ea128355f66d695b76c8911bd6c519bef
eac6ff3966275b86a58143011c6e59ca907dc55ef3e533b089cf376bbceb0572
+ 593 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/230719-d4ryzafe69/
Behaviour
Modifies registry class
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Loads dropped DLL
Unpacked files
SH256 hash:
00c88d648d3ee12a807566edc7636b2dda3c1bebe1bfd6ebb382c92fe1e02b75
MD5 hash:
109bbbc448d6f309909170cd22fbbb6e
SHA1 hash:
afbfc909e73182950f0690cf003f89bbac7cd89a
Link:
https://www.unpac.me/results/b9dfe3ee-e9a5-475e-b89c-be68d1d0c807/
SH256 hash:
d81975e6928bab57ee1e4aec83dc6e87e19fb2155ad92e21c36fe48dfa79d641
MD5 hash:
1c51405e588a5b2ffef997bf2d2e60a0
SHA1 hash:
eb427b4c99e7eaa6c707d6ff6895b510690dc6a4
Link:
https://www.unpac.me/results/b9dfe3ee-e9a5-475e-b89c-be68d1d0c807/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d81975e6928bab57ee1e4aec83dc6e87e19fb2155ad92e21c36fe48dfa79d641

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe d81975e6928bab57ee1e4aec83dc6e87e19fb2155ad92e21c36fe48dfa79d641

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/424416/
  
URLhaus
https://urlhaus.abuse.ch/url/2685551/
  
Delivery method
Distributed via web download

Comments