MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e95fd4b1c20d7547466b404f5a9f00940e40e3c8421c3838b619adfa6bbcb4cb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e95fd4b1c20d7547466b404f5a9f00940e40e3c8421c3838b619adfa6bbcb4cb
SHA3-384 hash: 17c7d87cb9287ad2557db34baefe83d86235b4397f6f8deb129548fdb960743389159c815e3a8271709427912b71eae6
SHA1 hash: 1198c81c038d6ca87a2eb73a8c0008f3158eefd6
MD5 hash: f910fd2fef3f086c5c3b93ae20f4580e
humanhash: cup-kitten-eight-friend
File name:f910fd2fef3f086c5c3b93ae20f4580e
Download: download sample
File size:288'768 bytes
First seen:2021-09-03 21:20:21 UTC
Last seen:2021-09-03 22:14:31 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 06fbc87344400a3722a88a2791d1fe43 (2 x Glupteba, 1 x RedLineStealer, 1 x Smoke Loader)
ssdeep 6144:1u6vMG5L2fo6pR0hkaD5+aGlMGt7T5zk7mq:TM4KHVaMaGp7T54t
Threatray 620 similar samples on MalwareBazaar
TLSH T1EC54CF712B91D533C0A7D5304975AFA46A3EBFA2A960C687B6343F2B5E313C05621B4F
dhash icon 8ef16c9cb6dcd8e2
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
173
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
f910fd2fef3f086c5c3b93ae20f4580e
Verdict:
Malicious activity
Analysis date:
2021-09-03 21:21:57 UTC
Tags:
trojan loader stealer raccoon evasion
Link:
https://app.any.run/tasks/dc5037d5-87a5-4b43-af1f-0b6aa73d585b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/185234/
Detection(s):
SecuriteInfo.com.Variant.Fragtor.15279.25161.13842.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
DNS request
Connection attempt
Sending an HTTP GET request
Running batch commands
Creating a process with a hidden window
Using the Windows Management Instrumentation requests
Searching for the window
Sending a UDP request
Launching a tool to kill processes
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/e5b012a9-8bb9-4e7d-8554-4ec341d79327
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/845078
Signature
Antivirus detection for URL or domain
Country aware sample found (crashes after keyboard check)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e95fd4b1c20d7547466b404f5a9f00940e40e3c8421c3838b619adfa6bbcb4cb/
Threat name:
Win32.Trojan.Fragtor
Create hunting rule
Status:
Malicious
First seen:
2021-09-03 21:21:05 UTC
AV detection:
18 of 43 (41.86%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
0fc23c2e005cdfed1a0380dd7a06dda83b882f8d392c7f157b783822d21d78a1
11adb6fd4fbcb8fe68033ff2bc3b8cc45b980c573f7c58be291383d5b95d6e41
8eea00bd7d1db820c7a1b5622119b76944215e5803c2e8b772b9548e9ee91c66
90218287a2349091c5221723b26ee73e101b51f5ef99dbaa23d8c19f83c58f91
935099f2160f2dd5fec6a63ea02c81d80c0b2cbf712b0e48b386a81078a627dd
9453ddc4bebb87a937e3d53d38c56814907b2862496142ccdb568f48caf2d467
a5f4eb3b915bcfdd72cb81b7d89c0c0fd6b190b637db6ffad25604d24985f9e8
b5f88e34db4bb65da8c21982590b67922fe32e62e7cfaae9fbe417a4262aa143
b9f79bcb4c0ea9e939b35813e807fda308b7038f1dea613e7d8bbd7fe127ac84
d2d90f02ccd7c3fd1b46d667081529a1af8172e4a51feda461c8d250081c3548
+ 610 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/210903-z7bbaadec4/
Behaviour
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Deletes itself
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
56bce56dd73e39bf34765ab7180df7f5603453dd849b42e711d23740e304cb75
MD5 hash:
217e82b4d3103941fb02b67d47618c89
SHA1 hash:
6b5a5b5f25eefaa6739b7cde771b09d5a8f62532
Link:
https://www.unpac.me/results/24a361ee-9474-4007-8cc1-f3082f8aa003/
SH256 hash:
e95fd4b1c20d7547466b404f5a9f00940e40e3c8421c3838b619adfa6bbcb4cb
MD5 hash:
f910fd2fef3f086c5c3b93ae20f4580e
SHA1 hash:
1198c81c038d6ca87a2eb73a8c0008f3158eefd6
Link:
https://www.unpac.me/results/24a361ee-9474-4007-8cc1-f3082f8aa003/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e95fd4b1c20d7547466b404f5a9f00940e40e3c8421c3838b619adfa6bbcb4cb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe e95fd4b1c20d7547466b404f5a9f00940e40e3c8421c3838b619adfa6bbcb4cb

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/185234/

Comments


Avatar
zbet commented on 2021-09-03 21:20:23 UTC

url : hxxp://194.145.227.159/pub.php?pub=azed/