MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f1fe2b4febc584ce92e4e4102d79fcc7555eb85e96147520e8c7569156b758e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f1fe2b4febc584ce92e4e4102d79fcc7555eb85e96147520e8c7569156b758e4
SHA3-384 hash: eae07949c4a79fca281316d4006caf3da580b20c0fec1bd0c694ba4b84269424acbaf67377069aef5d70960627f0c3bf
SHA1 hash: 3a088d1323aaafbcde4bfe811812df9e5626958a
MD5 hash: e80f3a4ee9bd6893d6a6ee6ae6adc01b
humanhash: avocado-victor-edward-quebec
File name:e80f3a4ee9bd6893d6a6ee6ae6adc01b
Download: download sample
File size:336'384 bytes
First seen:2021-11-16 08:33:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b521fc70c513454aa06843505654d3aa (2 x RaccoonStealer, 2 x Loki, 1 x RedLineStealer)
ssdeep 6144:744g5426btkOabNAJIZMVfwoTztnS3lNpDh3i/xwPT07Jp:744D26btX1ZnS3lNphi5gk
Threatray 411 similar samples on MalwareBazaar
TLSH T15D648D00BAE0C035F5F366F949BA9269A53E7DD26B3590CF22D526EE96346D0EC30317
File icon (PE):PE icon
dhash icon e8e8e8e8aa66a499 (51 x RaccoonStealer, 27 x ArkeiStealer, 22 x RedLineStealer)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/206268/
Detection(s):
SecuriteInfo.com.Suspicious.Win32.Save.a.19677.21228.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %AppData% subdirectories
Launching a process
Sending a UDP request
Creating a process from a recently created file
Enabling autorun by creating a file
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware
Link:
https://www.filescan.io/uploads/61936d0443e8f62b6695048a/reports/59a76e5c-1bdd-43e8-90d0-0a7155f55c6a/overview
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/19bf2fbe-e46d-437a-a911-9bff4e5c3148
Result
Threat name:
Clipboard Hijacker
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/890222
Signature
Contains functionality to compare user and computer (likely to detect sandboxes)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Bypass UAC via Fodhelper.exe
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Clipboard Hijacker
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f1fe2b4febc584ce92e4e4102d79fcc7555eb85e96147520e8c7569156b758e4/
Threat name:
Win32.Ransomware.StopCrypt
Create hunting rule
Status:
Malicious
First seen:
2021-11-16 08:35:42 UTC
AV detection:
26 of 28 (92.86%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
034cab7d36d022d5c2a8ca7e9957d81c155aeb32cb0c3e575ba8b5692a1bfb5e
10323331242e0a29bdd759ee2cf3f7df01d7416ae42d859809d7e4fc201558f1
331df11f37914f6198f16dd51527abfecd77ff93fd875970f16e92978047ec74
370f5dbb2a09cfbbe1c493b7942294c12eb9aca8b03d48db57512e0ad543ced3
63a750b664882a0d7a4f40b6f4e0f1fdc8fc78763428389685a1c54d92950d2c
6c2ad98af84288aff6f49ae92f9f71befbfaa4ac35d1a05b1441f1ce15124ee0
709aff2453909486058b4b46d2e53dc9bb970aaa2966bae1986e9de0c4b1836d
8270f4aceee1b35ac2547b6a8fabfa831c8a3888e01d8fa97c24c388d318429c
c95da0845725887bae37ff3b553fb6c8fc915dd356a2051d778842e35a81c1d9
ff0b4793d0a5080966f28c746fb402ad56931a967dce572d3c2f8ddbd4b7acb8
+ 401 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/211116-kg3khsaaal/
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Executes dropped EXE
Unpacked files
SH256 hash:
f3c1eac9090638efca2c6db6b737c3dfa0676c2d7882eb7473719e0dd27a99cb
MD5 hash:
5cd541e806f1da91ae350657712cda9a
SHA1 hash:
1d345d220265879e82cbb96eeb8b9a54b688641f
Link:
https://www.unpac.me/results/9b96ce44-54a2-476e-9b15-706a9a6fe998/
SH256 hash:
f1fe2b4febc584ce92e4e4102d79fcc7555eb85e96147520e8c7569156b758e4
MD5 hash:
e80f3a4ee9bd6893d6a6ee6ae6adc01b
SHA1 hash:
3a088d1323aaafbcde4bfe811812df9e5626958a
Link:
https://www.unpac.me/results/9b96ce44-54a2-476e-9b15-706a9a6fe998/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f1fe2b4febc584ce92e4e4102d79fcc7555eb85e96147520e8c7569156b758e4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe f1fe2b4febc584ce92e4e4102d79fcc7555eb85e96147520e8c7569156b758e4

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1791747/
Cape
Cape
https://www.capesandbox.com/analysis/206268/

Comments