MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f743f72b0d85b5fbeb07e2cbc3a39d85f73748d5b8dab6244fea8fffd5e41533. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Hive


Vendor detections: 8


Intelligence 8 IOCs YARA 5 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f743f72b0d85b5fbeb07e2cbc3a39d85f73748d5b8dab6244fea8fffd5e41533
SHA3-384 hash: b8195a2cbf62b08de8cbcce07149a24d04443726432f0f4a5f35904f52f932996475171c4f0e0db06202f73988c33ae4
SHA1 hash: 0092855964b928e46276ed98348b2376eddb7f14
MD5 hash: 0df23d0344989230bd0333c37ca598fd
humanhash: pennsylvania-rugby-pasta-seven
File name:SecuriteInfo.com.Trojan.MulDrop19.61186.2947.27996
Download: download sample
Signature Hive
Create hunting rule
File size:2'724'352 bytes
First seen:2022-03-21 18:14:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep 49152:ZEkGEXxxc0JW2SgwO5U8a3Mr2lj1ZToyigEHBo9719jY0Y5OBc07v+/:5GEh5pSpOja3391Zsyr971FY5OO07vw
Threatray 90 similar samples on MalwareBazaar
TLSH T1A4C5338698C5ABB0C05E82377DC0C5B0A88B58E12B65379BF5C52B3D58CB8F51F2EC56
Reporter SecuriteInfoCom
Tags:exe Hive

Intelligence

File Origin
# of uploads :
1
# of downloads :
235
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/253751/
Detection(s):
SecuriteInfo.com.Trojan.MulDrop19.61186.2947.27996.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Using the Windows Management Instrumentation requests
Sending a custom TCP request
Creating a file in the %AppData% subdirectories
Changing a file
Running batch commands
Launching a process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug packed
Link:
https://www.filescan.io/uploads/6238c0cddfdfa8501cc827ea/reports/94a6ccb0-f7d0-4066-a5d3-b9784cde5586/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/5efdb827-d170-495f-8d54-bff3302cfbb4
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/961070
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f743f72b0d85b5fbeb07e2cbc3a39d85f73748d5b8dab6244fea8fffd5e41533/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-03-12 19:47:48 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
24 of 42 (57.14%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=65b7okynqw27x2yh4lf4hi45qx3tosgvxdnlmjcp5kh77vpecuzq._file
Verdict:
unknown
Similar samples:
057e92d5cb962f0860f3f59f767645350a870c5a884afe1a2806509954036633
Hive
0cba0f9dafbb15b07c0e8b87ccd3ea7c306198b67dd480c42aa822c0e51ad2e8
Hive
1ddbe4b8bd2199ba2b52ddae006365a191e380b52196ad950018f53db5ea5c0c
Hive
6f6585d3df024c6e411a075d856c79cc7a70e5509006e53dcaafeb8fc418fdf8
Hive
82346f3a4b7e84f746f6242ff70265b1467ffdcd01954f71806f86c2989a9819
Hive
b5938c03650e60c155fcd791580459cabb77d515f3d4e97afab7e3175c3b6e9e
Hive
d2d63e8749f44493b88d1c4de830a37adfcdbbc0e7249a799679020310c6a48a
Hive
+ 80 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware stealer upx
Link:
https://tria.ge/reports/220321-wvydhahgdk/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Deletes itself
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
f743f72b0d85b5fbeb07e2cbc3a39d85f73748d5b8dab6244fea8fffd5e41533
MD5 hash:
0df23d0344989230bd0333c37ca598fd
SHA1 hash:
0092855964b928e46276ed98348b2376eddb7f14
Link:
https://www.unpac.me/results/1dea05c9-3d0c-4016-b6a2-c55f159926ce/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f743f72b0d85b5fbeb07e2cbc3a39d85f73748d5b8dab6244fea8fffd5e41533

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:GoBinTest
Create hunting rule
Rule name:golang
Create hunting rule
Rule name:Golangmalware
Create hunting rule
Author:Dhanunjaya
Description:Malware in Golang
Rule name:HiveRansomware
Create hunting rule
Author:Dhanunjaya
Description:Yara Rule To Detect Hive V4 Ransomware
Rule name:identity_golang
Create hunting rule
Author:Eric Yocam
Description:find Golang malware

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Hive

Executable exe f743f72b0d85b5fbeb07e2cbc3a39d85f73748d5b8dab6244fea8fffd5e41533

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/253751/
  
URLhaus
https://urlhaus.abuse.ch/url/2109395/
  
Delivery method
Distributed via web download

Comments