MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f55b5576d248b3bf0683f71fdae522a5c91ef87bb7e8dbded251e364687f3586. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f55b5576d248b3bf0683f71fdae522a5c91ef87bb7e8dbded251e364687f3586
SHA3-384 hash: 65215f06e352faab8cc36e9b9814ad271334140a456bf7169e120f20b7bfa491070431b0cc4341f2dc2207e13422c98b
SHA1 hash: 932af3c5049c93cbcadc40d510ea1afd71b3739a
MD5 hash: e3e5d520468b058d86c4bb4fa0b3459e
humanhash: bulldog-stream-autumn-nuts
File name:Project1.exe
Download: download sample
File size:1'369'088 bytes
First seen:2022-05-08 11:31:02 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8ef5d08683d8aae0d15ad6eb8949d332
ssdeep 24576:5NrzL30XIWDA2gMC3G1WOtF57GeW37ToL:LrzLkBP1taeWrT
Threatray 7 similar samples on MalwareBazaar
TLSH T173559E36B3918937D5232674AD0B93D96825BF301E286C877BED3D0C6F762923429397
TrID 46.4% (.EXE) Win32 Executable Borland Delphi 7 (664796/42/58)
31.5% (.EXE) Win32 Executable Borland Delphi 5 (451463/56/28)
18.3% (.EXE) Win32 Executable Borland Delphi 6 (262638/61)
0.9% (.EXE) Win32 Executable Delphi generic (14182/79/4)
0.9% (.SCR) Windows screen saver (13101/52/3)
File icon (PE):PE icon
dhash icon c0f0b2968c9eb2cc (2 x PureLogsStealer)
Reporter obfusor
Tags:badjoke exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
299
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Project1.zip
Verdict:
Malicious activity
Analysis date:
2022-05-08 10:59:27 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/043d88aa-0655-42c1-ac69-3027efd961c6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/269344/
Detection(s):
Win.Virus.Induc-9873663-0
Create hunting rule

ditekSHen.MALWARE.Win.Ransomware.KillMBR.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Creating a window
Creating a file
Searching for synchronization primitives
Modifying a system executable file
Sending a custom TCP request
Changing the Windows explorer settings
Forced shutdown of a system process
Rewriting of the hard drive's master boot record
Enabling autorun
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
control.exe greyware keylogger replace.exe virus winlock
Link:
https://www.filescan.io/uploads/6277aa12bd5c76586e1fbf06/reports/0829acca-e8b4-49c4-a533-44642f7b0552/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/c52449d4-c07e-45c3-9bd2-1fe78e422906
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/989745
Signature
Antivirus / Scanner detection for submitted sample
Creates an undocumented autostart registry key
Infects the VBR (Volume Boot Record) of the hard disk
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Writes directly to the primary disk partition (DR0)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f55b5576d248b3bf0683f71fdae522a5c91ef87bb7e8dbded251e364687f3586/
Threat name:
Win32.Virus.Induc
Create hunting rule
Status:
Malicious
First seen:
2022-05-08 11:32:10 UTC
File Type:
PE (Exe)
Extracted files:
88
AV detection:
19 of 26 (73.08%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
04c950e9fb1cf6ff2de10fd17f04191f8e938189766482ef856efa2581df8dbb
84a40405e621a10c9259ff45e052fab0789a6ff956eb95985a12d715d64e5b72
9b449e67ecf6521b887e04222783587e7295080a9b658ce86a689a1aab79ba46
b401246b1d42e19f1d86ae14b21b2aa82868eb4197c482c8aa78be7f7e28e494
facfe6d03ae63e1cb28ac57bcbc366a17b1d7dea227dbb87de6d0cb98bb53feb
fd869766f1f735b4c1479ec1300fd63f4a203142e4ed0e6ac18f05d1cdba3ac8
Result
Malware family:
n/a
Score:
  10/10
Tags:
bootkit persistence
Link:
https://tria.ge/reports/220508-nmra8ahbg2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Writes to the Master Boot Record (MBR)
Sets file execution options in registry
Modifies WinLogon for persistence
Unpacked files
SH256 hash:
0c3be4a57864f3f1063e708d6c4b332a708b49da67d23bb82ec1001d7398867e
MD5 hash:
73e8fd26389866eedca99f65efa4f6c7
SHA1 hash:
c15d99569eff5a0ed6a8d9878aa215b254837e4a
Link:
https://www.unpac.me/results/5acb810b-2442-49b6-9bae-fe1e7fb33cb0/
SH256 hash:
50966174a810be21179e8314f98b035a12c4c6359e185dbc0e3c083abe61cbfb
MD5 hash:
46f03edfab95627bb35ac351b28dd020
SHA1 hash:
739c0f34b45bca13cc09caf9810fabf84e5959d3
Link:
https://www.unpac.me/results/5acb810b-2442-49b6-9bae-fe1e7fb33cb0/
SH256 hash:
e04cf07957495de67fdbb90622ac8209b8a22683bc61fe8b0a42cbc9825f7411
MD5 hash:
6140ea0fdb569e2ae3d6278a6ee25a6c
SHA1 hash:
272e9b1cff69ae29e5efdee3dfe4674215102aac
Link:
https://www.unpac.me/results/5acb810b-2442-49b6-9bae-fe1e7fb33cb0/
SH256 hash:
00b9c0120df0595184523a3620ef9b3c3e11fc0e61d366d7eeabb646647cfceb
MD5 hash:
bd1f243ee2140f2f6118a7754ea02a63
SHA1 hash:
cdf7dd7dd1771edcc473037af80afd7e449e30d9
Link:
https://www.unpac.me/results/5acb810b-2442-49b6-9bae-fe1e7fb33cb0/
SH256 hash:
ad80064f71d273967dcf0b14b9cd6e84d79a132231d619687d9266c7807bdfe0
MD5 hash:
a35ee23aaab26afc575ac83df9572b57
SHA1 hash:
81ea38c694ce9702faddfb961f17c1bbf628a76d
Link:
https://www.unpac.me/results/5acb810b-2442-49b6-9bae-fe1e7fb33cb0/
SH256 hash:
e37aa72bca3cecb9bdbe51cbd81ec1143bb17163088a1379a4ccb93f5d881e76
MD5 hash:
5cac4fe734fc8454ccb847e030beee38
SHA1 hash:
34298fe220e35f614b2c837cf1dc2604ab0882d6
Link:
https://www.unpac.me/results/5acb810b-2442-49b6-9bae-fe1e7fb33cb0/
SH256 hash:
f55b5576d248b3bf0683f71fdae522a5c91ef87bb7e8dbded251e364687f3586
MD5 hash:
e3e5d520468b058d86c4bb4fa0b3459e
SHA1 hash:
932af3c5049c93cbcadc40d510ea1afd71b3739a
Link:
https://www.unpac.me/results/5acb810b-2442-49b6-9bae-fe1e7fb33cb0/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f55b5576d248b3bf0683f71fdae522a5c91ef87bb7e8dbded251e364687f3586

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/269344/

Comments