MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e134f20c16c2d118f95738897fc6c8f3be4ec46563ad7e1c243c3d7595a0ea68. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e134f20c16c2d118f95738897fc6c8f3be4ec46563ad7e1c243c3d7595a0ea68
SHA3-384 hash: 5a0eec87bc198ca0e0dc54ed46e60a8a2dc881045a8ba4a75be53067bccf06d00ceedda33e83eee5b89cba619695b89c
SHA1 hash: 061ce76b6c32bef9a803d5c9c5b2d6607b6b1015
MD5 hash: c2dd5a2b9ce8e03f27a063d100bdccf2
humanhash: early-nitrogen-yellow-uniform
File name:cristalix.exe
Download: download sample
File size:8'782'336 bytes
First seen:2022-04-09 09:39:29 UTC
Last seen:2022-04-09 10:38:59 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash cc0d13e592b9ede7868f616c0fba8b8a (2 x RaccoonStealer)
ssdeep 196608:wigjcMj7Tqr9xbLa9UvAhTRu5r0bTK3ra:wrf7TMlgUvAhTM6aa
Threatray 1 similar samples on MalwareBazaar
TLSH T1C896337313B2004EE1F2CD3D853B7EA935FB46578B82AC7864AEEAD125119D4E703A53
Reporter Anonymous
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
320
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
cristalix.exe
Verdict:
Suspicious activity
Analysis date:
2022-04-09 09:42:26 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/8a9859b2-ad12-4615-a0e8-c0e23a9dd78e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/262298/
Detection(s):
SecuriteInfo.com.Trojan.Heur.GM.0800520080.29030.29586.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/13281/overview
Behaviour
MalwareBazaar
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/62515477d149c40acb10f823/reports/ef36f1b1-dc59-489d-92ab-7e4d0518242f/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/038f15bb-d350-4877-a659-9e24bc533882
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/973728
Signature
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Tries to detect virtualization through RDTSC time measurements
Tries to evade analysis by execution special instruction (VM detection)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e134f20c16c2d118f95738897fc6c8f3be4ec46563ad7e1c243c3d7595a0ea68/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-04-07 16:35:55 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
18 of 42 (42.86%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
46878cf16c919445a9e5ada3ff03ca3465c03323a3e8b31c2de38eae1c9259e4
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/220409-lm7l4adcbp/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of NtSetInformationThreadHideFromDebugger
Unpacked files
SH256 hash:
e65e465db50e61ddb9b1ae139214dfb1a07f95e44d093e1a8422cb811d14aabc
MD5 hash:
8ab72dbd3c9fe5cffcd1a8e92aaa5be2
SHA1 hash:
89287b7267eb18249748129b716c250f97729adc
Link:
https://www.unpac.me/results/68b42804-ca65-4f4d-b619-2827393f26ae/
SH256 hash:
e134f20c16c2d118f95738897fc6c8f3be4ec46563ad7e1c243c3d7595a0ea68
MD5 hash:
c2dd5a2b9ce8e03f27a063d100bdccf2
SHA1 hash:
061ce76b6c32bef9a803d5c9c5b2d6607b6b1015
Link:
https://www.unpac.me/results/68b42804-ca65-4f4d-b619-2827393f26ae/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.36
Link:
https://yomi.yoroi.company/submissions/e134f20c16c2d118f95738897fc6c8f3be4ec46563ad7e1c243c3d7595a0ea68

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/262298/

Comments