MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dc3b1cd6cc70e681b959bf718ba3a91ac4d5f6c0dfe49fa6ef0f6a7092a5690d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dc3b1cd6cc70e681b959bf718ba3a91ac4d5f6c0dfe49fa6ef0f6a7092a5690d
SHA3-384 hash: f3adfcb9b6bede2808d915b3b0d20d7d8d93d1e9341da0215fa6f3560290e0807d2a9f51f4b9db3c40110cca9c828541
SHA1 hash: 9ee086718138d2b7a052cc3326f8719af7effa3e
MD5 hash: fb14605bdb6b53e1307945ade010e372
humanhash: winner-quebec-charlie-oven
File name:fb14605bdb6b53e1307945ade010e372
Download: download sample
File size:2'964'992 bytes
First seen:2022-09-22 15:45:02 UTC
Last seen:2022-09-22 18:02:09 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6f462fcc6b830b77fb3fef2add9dc570 (9 x CoinMiner, 3 x BitRAT, 2 x XWorm)
ssdeep 49152:A1Uj263BTMavG41N71dJ0SYNJZyMEh0XwGqXbddmNj9tBL+SEfigAs5I5FGFD:A1Uj263BTnz1xTjk42w1X7Mj9b6LfigZ
Threatray 415 similar samples on MalwareBazaar
TLSH T1BDD533A1E9FFA04DEB2334B607C2D77AB015E26467FFE71E2B3142602849356177864E
TrID 40.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
16.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
12.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
11.0% (.EXE) Win32 Executable (generic) (4505/5/1)
5.0% (.EXE) Win16/32 Executable Delphi generic (2072/23)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
326
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
fb14605bdb6b53e1307945ade010e372
Verdict:
Malicious activity
Analysis date:
2022-09-22 15:45:51 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/63fffa60-24c2-4806-88f3-e256c866bcde

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/312398/
Detection(s):
SecuriteInfo.com.Variant.Lazy.223478.8965.12161.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a window
Searching for synchronization primitives
Creating a file
Sending a custom TCP request
Searching for the window
Creating a file in the %temp% directory
Сreating synchronization primitives
Creating a process from a recently created file
Creating a process with a hidden window
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/38491/overview
Behaviour
MalwareBazaar
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
coinminer dcrat nitol packed shell32.dll tiny
Link:
https://www.filescan.io/uploads/632c837f12db32f024683f1e/reports/33b4b103-7af7-494d-bb20-ecc413c1140f/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/0ca76a1a-9629-48f7-a2e1-1eb94ca66069
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1075437
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 707979 Sample: bCYg4QqRUJ.exe Startdate: 22/09/2022 Architecture: WINDOWS Score: 56 19 Antivirus detection for dropped file 2->19 21 Antivirus / Scanner detection for submitted sample 2->21 7 bCYg4QqRUJ.exe 2 2->7         started        process3 file4 15 C:\Users\user\AppData\Local\...\project1.exe, PE32 7->15 dropped 10 project1.exe 3 14 7->10         started        process5 file6 17 C:\Users\user\AppData\Local\...\File2.exe, PE32+ 10->17 dropped 13 wscript.exe 10->13         started        process7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dc3b1cd6cc70e681b959bf718ba3a91ac4d5f6c0dfe49fa6ef0f6a7092a5690d/
Threat name:
Win32.Dropper.Dapato
Create hunting rule
Status:
Malicious
First seen:
2022-09-22 15:46:15 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
25 of 40 (62.50%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3q5rzvwmodtidokzx5yyxi5jdlcnl5wa37sj7jxpb5vhbevfnegq._file
Verdict:
malicious
Similar samples:
72b6da82c3aa6faeee19e842814f77874cab37b3425ce6c503754b90c43a4610
be2a74bc76e5429010ce7741e58aecc253a33e1dbd713d8b6f02a20545469502
c040a2c32938707e1579fecce89e3c4fa04d019a467f642dd2bb18bab35bf99d
cb7d7fe72bdc9b5c0da00a175ad4354037473b71f8a9fd763d798c84c44467c0
f9c9b3fbf4d11f96ff06fc8292d8c67ad6cf5432409754bbfc95c5c80e6b160d
+ 405 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220922-s63ktaffam/
Behaviour
Modifies registry class
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/804b1743-250f-43e2-8142-3ec99daae2f4
Unpacked files
SH256 hash:
0bb9bb0248ff89fac4e513cc1891f8aabbcc076446790c68d849e5a6c007c1ca
MD5 hash:
2fbf0040b06b8719902326d9584c29c3
SHA1 hash:
f2983c7b2d3d91722fb88198ac2441c5e098c2cf
Link:
https://www.unpac.me/results/eb0301e5-fbd3-407e-99af-58064ec6420c/
SH256 hash:
dc3b1cd6cc70e681b959bf718ba3a91ac4d5f6c0dfe49fa6ef0f6a7092a5690d
MD5 hash:
fb14605bdb6b53e1307945ade010e372
SHA1 hash:
9ee086718138d2b7a052cc3326f8719af7effa3e
Link:
https://www.unpac.me/results/eb0301e5-fbd3-407e-99af-58064ec6420c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.38
Link:
https://yomi.yoroi.company/submissions/dc3b1cd6cc70e681b959bf718ba3a91ac4d5f6c0dfe49fa6ef0f6a7092a5690d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe dc3b1cd6cc70e681b959bf718ba3a91ac4d5f6c0dfe49fa6ef0f6a7092a5690d

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/312398/
  
URLhaus
https://urlhaus.abuse.ch/url/2310049/

Comments


Avatar
zbet commented on 2022-09-22 15:45:07 UTC

url : hxxp://sheet.duckdns.org:9000/uproject.exe