MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e7c3f20e293112d02c667e098467572371107a5316ffdf4434dea2e490434771. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gh0stCringe


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e7c3f20e293112d02c667e098467572371107a5316ffdf4434dea2e490434771
SHA3-384 hash: d1f5da5fdedfd131b53eea7df3456bdd26a44be763133c054929905b4918ffd3de5c771a285c2eeb7ddb2528eb2f8f4d
SHA1 hash: 73317c5a213d75a352ea4df771193e27940f74a7
MD5 hash: daf298da9fb65d9ed7cacee60b0d41e4
humanhash: alanine-oxygen-edward-floor
File name:daf298da9fb65d9ed7cacee60b0d41e4
Download: download sample
Signature Gh0stCringe
Create hunting rule
File size:63'488 bytes
First seen:2021-10-01 13:27:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d9c7208ff3022bb34870c7ddeb406eb1 (5 x Gh0stCringe, 1 x Ramnit, 1 x Gh0stRAT)
ssdeep 768:jbz3IhpglwpDEq2m0j6Tf8V4Ie7ZZa3R1fb961vNPrl7EJnCJ0u6N:n4+wpDElm2IAUZZo1fbs1RVEZCJ0h
Threatray 13 similar samples on MalwareBazaar
TLSH T1F653070DE69EF0E2FB517530260E66328EBDB82C853C951F2E56694D1CF5B80A4AD372
Reporter zbetcheckin
Tags:32 exe Gh0stCringe

Intelligence

File Origin
# of uploads :
1
# of downloads :
106
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/194005/
Detection(s):
Win.Trojan.Mikey-9769164-0
Create hunting rule

Win.Malware.Farfli-9832713-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the system32 directory
Creating a service
Launching a service
Launching a process
DNS request
Connection attempt
Sending a custom TCP request
Enabling autorun for a service
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a0bac5c8-04a5-4552-9db4-798f566ff18b
Result
Threat name:
Gh0stCringe
Create hunting rule
Detection:
malicious
Classification:
bank.troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/862733
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Changes security center settings (notifications, updates, antivirus, firewall)
Checks if browser processes are running
Contains functionality to detect sleep reduction / modifications
Creates a Windows Service pointing to an executable in C:\Windows
Drops executables to the windows directory (C:\Windows) and starts them
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Gh0stCringe
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e7c3f20e293112d02c667e098467572371107a5316ffdf4434dea2e490434771/
Threat name:
Win32.Backdoor.Farfli
Create hunting rule
Status:
Malicious
First seen:
2021-09-19 20:52:00 UTC
AV detection:
27 of 27 (100.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=47b7edrjgejnaldgpyeyiz2xenyra6stc3756rbu32rojecdi5yq._file
Verdict:
malicious
Similar samples:
28c67cdcd4523ca934a1b72c6c8f5ed39874b6b8f66e3f679cb1095f859f6e83
Gh0stCringe
3eabf4e909e889bfcb994a36d041ced30c30a377a6a0d6057eda4b8f35f4ca0e
Gh0stCringe
4bb4435958fa48762b34905fc5ac50c78878eccb33252f72cb037d664cb60fc9
Gh0stCringe
727bc43e3d9cdf3e79c2232cf3f647bdf94ad2012c31403434c17e5bbeb3c339
Gh0stCringe
7e6b769afc67e5e76904920f69a8d31475576ee4dc3411379efa665de38f7697
Gh0stCringe
a578e71d04eae80004ab431497c95fb9779a95dc7f0c60996c24c1cb7139745d
Gh0stCringe
acaed16a37962b29231a2b0842b616000656a12ff66ce41830ca855a207fc5dc
Gh0stCringe
c973c31f8af3d15abb5963e2764f534e5263828320e9c15e57c953392c32ce65
Gh0stCringe
d3501787751324e615bd13ed80417360fbd7558385662ac34c51b34802f9b9d4
Gh0stCringe
+ 3 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/211001-qqnqlsbhcr/
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
Sets DLL path for service in the registry
Unpacked files
SH256 hash:
e7c3f20e293112d02c667e098467572371107a5316ffdf4434dea2e490434771
MD5 hash:
daf298da9fb65d9ed7cacee60b0d41e4
SHA1 hash:
73317c5a213d75a352ea4df771193e27940f74a7
Link:
https://www.unpac.me/results/c1019ceb-4186-4898-879f-79b7444fe8bf/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/e7c3f20e2931/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/e7c3f20e293112d02c667e098467572371107a5316ffdf4434dea2e490434771

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gh0stCringe

Executable exe e7c3f20e293112d02c667e098467572371107a5316ffdf4434dea2e490434771

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1650416/
Cape
Cape
https://www.capesandbox.com/analysis/194005/

Comments


Avatar
zbet commented on 2021-10-01 13:27:18 UTC

url : hxxp://103.45.185.68:6358/tfhm2.exe