MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f0956c80448500aab24cddda90a8b602fd94653168e0eced89b661bcb2ec15b4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA 3 File information Comments

SHA256 hash:	f0956c80448500aab24cddda90a8b602fd94653168e0eced89b661bcb2ec15b4
SHA3-384 hash:	5207c950ac5321c3e94ba884a4b674d4194ab86fcb67c78da27268fc71bd7fd1cb7458bd3c3325b62270b1beb72cac43
SHA1 hash:	db69fd258127b0eeed47dc3fb3c685c59a5a00c5
MD5 hash:	e1541a7511f12c7863ebf9e4870f9125
humanhash:	twelve-lake-purple-butter
File name:	NavicatCracker v16.0.7.0 .exe
Download:	download sample
File size:	5'270'528 bytes
First seen:	2022-10-13 02:31:11 UTC
Last seen:	2023-01-05 19:01:07 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	7df8e0a7e89471a3d1c5bcee2e8ebd30
ssdeep	98304:wEyufGyjD3fdpw9vY6MU9yqdeZ6QaW0VOTYgSqb9kesmayV/1Y9I6OdNt+E2S:wa3Pjwi+yqEZ6tW0VOTuqZPlV/15vgS
Threatray	934 similar samples on MalwareBazaar
TLSH	T18F362351A6EAB95EF810F5B81FCAD36CAB56ECD451434F372294339B1F706902E62833
TrID	64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12) 25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6) 4.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.8% (.EXE) OS/2 Executable (generic) (2029/13) 1.8% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):
dhash icon	d8d6234d86868c79
Reporter	Anonymous
Tags:	exe malware navicat

Intelligence

File Origin

# of uploads :

# of downloads :

271

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

f0956c80448500aab24c.zip

Verdict:

No threats detected

Analysis date:

2022-09-02 10:57:56 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/72ff1506-fea7-49e4-9eba-21e3da1638f2

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/319627/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Сreating synchronization primitives

Searching for synchronization primitives

Creating a window

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-vm packed shell32.dll

Link:

https://www.filescan.io/uploads/634778a39ddf6b806e426c53/reports/e37fb3cc-b7c1-410e-b24f-d83d108e3f32/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/4ac939ff-a3bf-4118-ac07-7328f1968300

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/1089361

Signature

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f0956c80448500aab24cddda90a8b602fd94653168e0eced89b661bcb2ec15b4/

Threat name:

Win64.Hacktool.Generic

Status:

Suspicious

First seen:

2022-03-31 06:12:20 UTC

File Type:

PE+ (Exe)

Extracted files:

905

AV detection:

2 of 26 (7.69%)

Threat level:

1/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=6ckwzacequakvmsm3xnjbkfwal6zizjrndqoz3mjwzq3zmxmcw2a._file

Verdict:

unknown

0a411cd463b91000f0a2a032d04ff3855bb458a4bb395e441ed7d9b313a99d29

179a9cbd204f59591634d4289b4b9494a72d655021e06caf41b1e615df989b4c

197e1ed153952290628d8d7df87f8574f58d7720c8f6a6b9b48f0f20b656b1fd

2ab38d83bd8b85116c702c180dac7de4480c0bef20b43a100a97ea939be9bca7

5934cc132902dec2b1e57bcd79cab21acaafd4b3eca7566dba6d912d56ecad28

6819aeef46bdb64eb7f72f5ba764c618808e83cd169e678923d6c0103e78b8fe

7d2ef88de4820aae52a0062afc1dc0bcb93647254db69ced2a75304c5bef8d63

b77dd1dbfede33d9a526773a528ce16e02617325db7ab4c82b9491409a284deb

dda918f09ec1d46c0ece122efce15ef8985857e0c9b372b9a67466f7700c6c70

+ 924 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

upx

Link:

https://tria.ge/reports/221013-c1ad3safg6/

Behaviour

Suspicious use of SetWindowsHookEx

UPX packed file

Verdict:

Informative

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/73502ba7-0120-4bfd-88a5-a5b825af4eea

Unpacked files

SH256 hash:

f0956c80448500aab24cddda90a8b602fd94653168e0eced89b661bcb2ec15b4

MD5 hash:

e1541a7511f12c7863ebf9e4870f9125

SHA1 hash:

db69fd258127b0eeed47dc3fb3c685c59a5a00c5

Link:

https://www.unpac.me/results/df1f07c3-41d4-4faa-b7ad-b27057bd4551/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.05

Link:

https://yomi.yoroi.company/submissions/f0956c80448500aab24cddda90a8b602fd94653168e0eced89b661bcb2ec15b4

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	BitcoinAddress Create hunting rule
Author:	Didier Stevens (@DidierStevens)
Description:	Contains a valid Bitcoin address

Rule name:	meth_get_eip Create hunting rule
Author:	Willi Ballenthin

Rule name:	Mimikatz_Generic Create hunting rule
Author:	Still
Description:	attempts to match all variants of Mimikatz

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/319627/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample