MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dd47342f809e86e447b68827dd3a1e72ea0795b71976ecd6fa242013b767b14f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 13



SHA256 hash: dd47342f809e86e447b68827dd3a1e72ea0795b71976ecd6fa242013b767b14f
SHA3-384 hash: 4d8fc9c6bf284c954db2a15a3d8ea815766e0e0620604b15ccb0b8f4930c2080cfae204475963652127dde21b23773a2
SHA1 hash: f06141cedf2aac3cfac6c997d99c00d8e7c5b4c1
MD5 hash: b6bbab9f72c88d07b484cc339c475e75
humanhash: yellow-stream-nevada-seventeen
File name: SecuriteInfo.com.Trojan.MulDrop20.49709.30212.7740
File size: 1'486'224 bytes
First seen: 2022-10-26 15:48:28 UTC
Last seen: 2023-08-27 08:52:50 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 796c2e9b3a563a11c5d095c56106a37d
ssdeep: 24576:Y3621SZiNtNxkSJPXZi9aftdqkXO5pM7xUo1nZADHE2SDyuq5ZP+df:Y3dblkS5XZi9wdqlpMVUo1n+kbDzqbk
Threatray: 147 similar samples on MalwareBazaar
TLSH: T183651283FE70A878C92F063035AC96EC52D1BD2B5D9C490BBB1EF74D48B518214F6A97
TrID:
  48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
  10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
  7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
dhash icon: 20414f4f4f4e4f00
Reporter: SecuriteInfoCom
Tags: exe signed

Code Signing Certificate

Organisation: ok.com
Issuer: R3
Algorithm: sha256WithRSAEncryption
Valid from: 2022-06-16T19:10:49Z
Valid to: 2022-09-14T19:10:48Z
Serial number: 04f2e778b36dd9ef3c7bb2e118e87b79a626
Thumbprint algorithm: SHA256
Thumbprint: 5e882540eea11b4b2869593a1db836c4f845c7046218ccd9ad21c3a53dd54ccb
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 2
# of downloads: 256
Origin country: n/a
Vendor Threat Intelligence
Malware family:
ID: 1
File name: http://cheats4.pro/download
Verdict: Malicious activity
Analysis date: 2022-09-29 01:18:51 UTC
Tags: trojan rat backdoor dcrat loader redline

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.
Result
Verdict: Malware
Maliciousness:
Behaviour:
  Searching for the window
  Creating a window
  Sending a custom TCP request
  Creating synchronization primitives
  Creating a file in the %AppData% subdirectories
  Launching a process
  Creating a process from a recently created file
  Enabling autorun by creating a file
Result
Malware family: n/a
Score: 9/10
Tags: n/a
Behaviour:
  MalwareBazaar
  MeasuringTime
  CPUID_Instruction
  SystemUptime
  EvasionQueryPerformanceCounter
  EvasionGetTickCount
  CheckCmdLine
Result
Verdict: MALICIOUS
Details: Windows PE Executable
  Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Generic Malware
Verdict: Malicious
Result
Threat name: Clipboard Hijacker
Detection: malicious
Classification: spyw.evad
Score: 100 / 100
Signature:
  Antivirus / Scanner detection for submitted sample
  Antivirus detection for dropped file
  Contains functionality to compare user and computer (likely to detect sandboxes)
  Machine Learning detection for dropped file
  Machine Learning detection for sample
  Malicious sample detected (through community Yara rule)
  Multi AV Scanner detection for dropped file
  Multi AV Scanner detection for submitted file
  Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
  Uses schtasks.exe or at.exe to add and modify task schedules
  Yara detected Clipboard Hijacker
Behaviour: Behavior Graph (image not reproduced here)
Threat name: Win32.Trojan.MintTitirez
Status: Malicious
First seen: 2022-09-01 02:01:53 UTC
File type: PE (Exe)
Extracted files: 11
AV detection: 22 of 26 (84.62%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
  Creates scheduled task(s)
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of WriteProcessMemory
  Executes dropped EXE
Unpacked files

SHA256 hash: 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c
MD5 hash: be28414896e062d07b1c86124d4c7a1e
SHA1 hash: 9a5a8cdc6b9c7da130d2cb765f04e7e49a549170
Detections: ClipboardCryptoHijacker

SHA256 hash: 28dd9cd5938316fd6bac4f2d33727626bd7500894a184de482bc6478f281409c
MD5 hash: 80d6a311ebccde0d5bd89525c975207f
SHA1 hash: 5a2ff7360fa7d95f337c2fd542a3bfd2480f72e6

SHA256 hash: dd47342f809e86e447b68827dd3a1e72ea0795b71976ecd6fa242013b767b14f
MD5 hash: b6bbab9f72c88d07b484cc339c475e75
SHA1 hash: f06141cedf2aac3cfac6c997d99c00d8e7c5b4c1

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
  Executable exe dd47342f809e86e447b68827dd3a1e72ea0795b71976ecd6fa242013b767b14f (this sample)
  Delivery method: Distributed via web download

Comments