MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dbfcb39858d204c1cb35ea01fb3720cbeadd262eb300ee41050630c6087af7ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dbfcb39858d204c1cb35ea01fb3720cbeadd262eb300ee41050630c6087af7ae
SHA3-384 hash: d108384228f295f93c9392cef5856048a7b4e77d33b6a6ef2c2a6e78d74ce96c7dcb34f7289d944e3ff8b7823fbd0431
SHA1 hash: 3e5366fefe7a21a0b91428880708238fa455c13c
MD5 hash: c4afbaaa23a3346fd92cf6d078c59561
humanhash: fifteen-delta-cat-thirteen
File name:c4afbaaa23a3346fd92cf6d078c59561
Download: download sample
File size:415'232 bytes
First seen:2021-08-22 21:19:20 UTC
Last seen:2021-08-22 21:48:43 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a740faca4969ca85c5d64be386fb4390 (1 x RaccoonStealer, 1 x GCleaner)
ssdeep 12288:fNE8Vau4axhYcxc40ZCVHd4LJAKf5y0G0z:zVau44kWwZw0
Threatray 7 similar samples on MalwareBazaar
TLSH T11394DF34BBE0C035F5B712F055BA83B8A92A3AB1AB3450CFA2D516EE56346E4DC31357
dhash icon ead8ac9cc6e68ee0 (118 x RaccoonStealer, 102 x RedLineStealer, 46 x Smoke Loader)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
103
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
c4afbaaa23a3346fd92cf6d078c59561
Verdict:
Malicious activity
Analysis date:
2021-08-22 21:21:32 UTC
Tags:
trojan
Link:
https://app.any.run/tasks/d83fdf5b-3fbf-42b2-88c3-10da093ad283

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/181307/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen3.2354.1392.4962.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Launching the default Windows debugger (dwwin.exe)
Sending a custom TCP request
Creating a process from a recently created file
Creating a window
Connection attempt
Sending an HTTP GET request
Sending a UDP request
Deleting of the original file
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/220d34a3-ba6f-49dd-935e-68410a0bed5d
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/837165
Signature
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 469596 Sample: yDodEZkWWM Startdate: 22/08/2021 Architecture: WINDOWS Score: 72 49 Multi AV Scanner detection for domain / URL 2->49 51 Multi AV Scanner detection for submitted file 2->51 53 Machine Learning detection for sample 2->53 7 yDodEZkWWM.exe 3 2->7         started        process3 file4 29 C:\ProgramData\J2rt6Ps5Bd.exe, PE32 7->29 dropped 31 C:\...\J2rt6Ps5Bd.exe:Zone.Identifier, ASCII 7->31 dropped 10 J2rt6Ps5Bd.exe 20 7->10         started        14 WerFault.exe 9 7->14         started        17 WerFault.exe 9 7->17         started        19 5 other processes 7->19 process5 dnsIp6 45 193.56.146.55, 49714, 49715, 49716 LVLT-10753US unknown 10->45 47 192.168.2.1 unknown unknown 10->47 55 Multi AV Scanner detection for dropped file 10->55 57 Machine Learning detection for dropped file 10->57 21 WerFault.exe 10->21         started        23 WerFault.exe 10->23         started        25 WerFault.exe 10->25         started        27 WerFault.exe 10->27         started        33 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 14->33 dropped 35 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 17->35 dropped 37 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 19->37 dropped 39 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 19->39 dropped 41 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 19->41 dropped 43 2 other malicious files 19->43 dropped file7 signatures8 process9
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dbfcb39858d204c1cb35ea01fb3720cbeadd262eb300ee41050630c6087af7ae/
Threat name:
Win32.Trojan.Fragtor
Create hunting rule
Status:
Malicious
First seen:
2021-08-22 21:20:10 UTC
AV detection:
16 of 46 (34.78%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
1a512b670911187dd2cc6a04b8da5d96b70df6129234b4fd97e30fcda7470365
4cca9091484e1b53c182d79607fe3c334c19176a1d5f8f91624c3565e24f49b8
8f5b300680db95b545347229941acb9113690ab187cd7ac7b2cc601b9e31a205
91dd3fa11964f4432bb43ee5f63580d53ba35dfdcfd5d8ec1b0e00f3f7b20258
a050c0bd12d9a09611dbce5d20787e37f907996908edb311570530feab91efed
c84efa5991ab32373624d35d1cf4921ea0f9c2eb52d5703d059d5cba39280087
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210822-xnf1dm2vj6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Deletes itself
Drops startup file
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
ed08cb5a40ff40bfa398b1a3ac6d2ab9cc92b56e971287c94463dd389fb5f26a
MD5 hash:
d299991063d72d9e2b9d93f6cc1cb70d
SHA1 hash:
48c115b11a614aeb6c7575bc0e7966a4d4cc7cb2
Link:
https://www.unpac.me/results/4aa87b0b-cbc2-4d78-b4aa-c2160f5db450/
SH256 hash:
dbfcb39858d204c1cb35ea01fb3720cbeadd262eb300ee41050630c6087af7ae
MD5 hash:
c4afbaaa23a3346fd92cf6d078c59561
SHA1 hash:
3e5366fefe7a21a0b91428880708238fa455c13c
Link:
https://www.unpac.me/results/4aa87b0b-cbc2-4d78-b4aa-c2160f5db450/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/dbfcb39858d204c1cb35ea01fb3720cbeadd262eb300ee41050630c6087af7ae

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe dbfcb39858d204c1cb35ea01fb3720cbeadd262eb300ee41050630c6087af7ae

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/181307/
  
URLhaus
https://urlhaus.abuse.ch/url/1525305/
  
URLhaus
https://urlhaus.abuse.ch/url/1529939/
  
URLhaus
https://urlhaus.abuse.ch/url/1524012/
  
URLhaus
https://urlhaus.abuse.ch/url/1523998/

Comments


Avatar
zbet commented on 2021-08-22 21:19:21 UTC

url : hxxp://193.56.146.55/Api/GetFile3/