MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dffca632e4ef9880cbfd078c90ba28a26c062c26bc93b8be1a9467443d92e61a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dffca632e4ef9880cbfd078c90ba28a26c062c26bc93b8be1a9467443d92e61a
SHA3-384 hash: 441722faddbebc961aec232dd6ad7dbdd26b54f458bf4ab636920eaf92894597cbcda28d76c25ac41d43a49b44e4461b
SHA1 hash: fe106d3af99e8fb96eac43eb7c4abf27af9e1782
MD5 hash: 9f6c2ab67ba17d3e92d95b2ecda7aeb7
humanhash: one-butter-floor-zebra
File name:dffca632e4ef9880cbfd078c90ba28a26c062c26bc93b8be1a9467443d92e61a.exe
Download: download sample
File size:1'099'264 bytes
First seen:2023-07-16 12:10:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:UMZH8M4zZei257Q51yWjAg6PqilnZarOX3Fsn+JrkNUMg2yKPk/NKi:ZWzZhCvqilZarPuM3vPQ
Threatray 1'173 similar samples on MalwareBazaar
TLSH T1C3355B17F5EBDEA1CB5A0B3AC09B58001B6896513653FB0F7E4523766D033BB8986783
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter vmovupd
Tags:CoinMiner dll

Intelligence

File Origin
# of uploads :
1
# of downloads :
404
Origin country :
NO NO
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
dffca632e4ef9880cbfd078c90ba28a26c062c26bc93b8be1a9467443d92e61a.exe
Verdict:
Malicious activity
Analysis date:
2023-07-16 12:11:24 UTC
Tags:
zgrat
Link:
https://app.any.run/tasks/f10a1430-6a6e-41a8-b0d8-bc7996c54fa4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/421595/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.68172565.25057.24941.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/64b3de57f52c3e1a01498891/reports/df12a169-d1bc-4c56-98d1-7eecc513feac/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/dffca632e4ef9880cbfd078c90ba28a26c062c26bc93b8be1a9467443d92e61a
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/740fa6d2-c6d3-471d-8f5a-a8f3672c218a
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1273983
Signature
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code references suspicious native API functions
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1273983 Sample: A4PNbu8FlA.exe Startdate: 16/07/2023 Architecture: WINDOWS Score: 56 15 Multi AV Scanner detection for submitted file 2->15 17 .NET source code contains method to dynamically call methods (often used by packers) 2->17 19 .NET source code references suspicious native API functions 2->19 7 loaddll64.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 conhost.exe 7->11         started        process5 13 rundll32.exe 9->13         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dffca632e4ef9880cbfd078c90ba28a26c062c26bc93b8be1a9467443d92e61a/
Threat name:
ByteCode-MSIL.Trojan.CrypterX
Create hunting rule
Status:
Malicious
First seen:
2023-07-14 14:36:59 UTC
File Type:
PE+ (.Net Dll)
AV detection:
13 of 38 (34.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=376kmmxe56mibs75a6gjboriujwamlbgxsj3rpq2srtuipms4yna._file
Verdict:
malicious
Similar samples:
03fcf785b17d2ef8014c2bc90129da267f899218312c789ce94ee24e9a97c105
11ec89ea5da82e62e0a851d6bc49f38b39cd7ab6db3b254029fe9f923fce0d7b
1c758992ed57930115ba585a43bc0a7a750a476206cf1999bf3333f26fc230f2
2dc6a762fbcc017cddee0b0099ffcc61af6336f4444e911997e4af2635c8f183
812f2741f662194744b33d6e51c4fbe11823d06e90938865aa4517974a072bc1
8d28747c371be7ce0a33ee57204dfccdd03c33fdc233f7283a09fd2c971b71e2
8e81c784f79eb9358991ca3b1bab8c5d1ddaaa70a849fe7527ed005063d6c092
a79b72f3eb7b981e49d7d687d0b80e2a248b5a6fe19a68038887183403fa50b7
fc6ddb1f7644597b84d14e3efa4cd1a1d1ad0083141b3fa2a613cd3c092f6505
+ 1'163 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230716-pck7wsef84/
Unpacked files
SH256 hash:
dffca632e4ef9880cbfd078c90ba28a26c062c26bc93b8be1a9467443d92e61a
MD5 hash:
9f6c2ab67ba17d3e92d95b2ecda7aeb7
SHA1 hash:
fe106d3af99e8fb96eac43eb7c4abf27af9e1782
Link:
https://www.unpac.me/results/dfc591ca-3b0a-418f-8dda-36e10d00bc38/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/dffca632e4ef9880cbfd078c90ba28a26c062c26bc93b8be1a9467443d92e61a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Executable exe d554c3844613b585d9b9399ec67bc75ad368a45cf0a06a8bdd4c06a29232e10b

CoinMiner

Executable exe 4750dfff318bcf5ba7bf432cc40a868140a07b6f3d1a8114bdd625a762799703

Executable exe dffca632e4ef9880cbfd078c90ba28a26c062c26bc93b8be1a9467443d92e61a

(this sample)

  
Dropped by
SHA256 4750dfff318bcf5ba7bf432cc40a868140a07b6f3d1a8114bdd625a762799703
Cape
Cape
https://www.capesandbox.com/analysis/421595/
  
Dropped by
MD5 9911b684246fccb29c889ed68dcdac20

Comments