MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f24b525295374178f81ce9b8a6ab6c0bca5ea718e6286833116268d27f8ec847. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f24b525295374178f81ce9b8a6ab6c0bca5ea718e6286833116268d27f8ec847
SHA3-384 hash: 29f3641c648e7e6819fdc7bfe510377379cde27bc52fae3e6663ea87e20e0d9fd54488bec6d73b26ef130b1ab87fe6e2
SHA1 hash: 6f984499f0956671e00487b84f6eaeb1b52350c0
MD5 hash: 3d2c9b8d43b681155bcd42156689e0ff
humanhash: carpet-three-sad-quiet
File name:3d2c9b8d43b681155bcd42156689e0ff.exe
Download: download sample
File size:366'592 bytes
First seen:2021-06-26 10:48:58 UTC
Last seen:2021-06-26 11:44:55 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 1465dccf6e4ac51fee47e91b6181067d (2 x ArkeiStealer, 1 x FickerStealer, 1 x Smoke Loader)
ssdeep 6144:vlw8ChT4xkz6n7hcHLdEc1++p+XMX1p5MnnAfCc5RBff+vYu20ZdtF+ikP:vRi6nAic1pAMlp5Mn5kV2WqXEi
Threatray 112 similar samples on MalwareBazaar
TLSH D4748C00A6A1C035F6B616F8897AD3AC953D7EE05B6050CB62D4EAFE56382E1FC31357
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
114
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
3d2c9b8d43b681155bcd42156689e0ff.exe
Verdict:
Malicious activity
Analysis date:
2021-06-26 10:51:15 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/9018382d-7849-4faf-8b75-78c9720e80b7

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/168472/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware2.21790.11071.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
DanaBot
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f5c867f3-9cec-4f4e-b3c9-f65aa18701c2
Result
Threat name:
Clipboard Hijacker
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/808450
Signature
Contains functionality to compare user and computer (likely to detect sandboxes)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Clipboard Hijacker
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f24b525295374178f81ce9b8a6ab6c0bca5ea718e6286833116268d27f8ec847/
Threat name:
Win32.Trojan.Zenpak
Create hunting rule
Status:
Malicious
First seen:
2021-06-26 10:49:11 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0bcf14216198351151d34d3e6ea6c05bf06c62eee05e15804ba132ea455b3710
1cccfc83a668d9ac87ad438bc7428d7d4eb7c224e437d37d15b7e7a274468545
2dd214b7750c889a14bb6c1be4ff3b32e1bce2fba8d274de69b36b442486a1c6
3991ded07d37f90d15c445a0cce467a74d0e761b533815a9b7d2e82e3cd47eee
45269d3d0fbf13c80d6c496d3ee36e13808e36063bc82e3247cfc291e0f9223c
4a8de772cb047939cbac796b1461b5276e418fb33249cb4d41785ef37fa91a35
644c41a4311cb26bf1e4b1587a7c8b4e843395cadda1f9ab710a585658c829b2
809ebb3b8572da276fb521772e931faca272a61a9a05e3a3f0734be71cdcc4f9
aa703fb814c6e09c409060654ea9b5798b6a99cb0ceb25bd31bf894dc60702f5
b3daa8d8b247d807ed0619e9f246a6769aa8334f61586a2579ea4886ffca05c1
+ 102 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210626-k2p23mnxda/
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Executes dropped EXE
Unpacked files
SH256 hash:
b2a049b580ef2fe23defefd78644442329b1378213c59357fbec5e24555aac44
MD5 hash:
f9e3e8dcfbfaf22d61687c78a2ff20fa
SHA1 hash:
439731b1bf2b800c2ed8c18fcd14b8ecc25eacc9
Link:
https://www.unpac.me/results/2886625d-06b4-4805-ba79-6e788612a132/
SH256 hash:
f24b525295374178f81ce9b8a6ab6c0bca5ea718e6286833116268d27f8ec847
MD5 hash:
3d2c9b8d43b681155bcd42156689e0ff
SHA1 hash:
6f984499f0956671e00487b84f6eaeb1b52350c0
Link:
https://www.unpac.me/results/2886625d-06b4-4805-ba79-6e788612a132/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f24b525295374178f81ce9b8a6ab6c0bca5ea718e6286833116268d27f8ec847

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe f24b525295374178f81ce9b8a6ab6c0bca5ea718e6286833116268d27f8ec847

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1400216/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/168472/

Comments