MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f7f0261df8a81b3c20be78b7648aa46cdba62f08e9e770aa0c4e9fbe8d52624f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	f7f0261df8a81b3c20be78b7648aa46cdba62f08e9e770aa0c4e9fbe8d52624f
SHA3-384 hash:	5f2132bbcdeb0da160af08b7de064a434bb9462801b6f7552817759529183c5c4752d440160d5c1dee6395c5d6ba2bd4
SHA1 hash:	1907b89238e366df8d28b2d047dfa392d79c1bca
MD5 hash:	93045fd9bfbc4235ac1323459de2ca51
humanhash:	football-lemon-missouri-monkey
File name:	SecuriteInfo.com.Trojan.Heur2.@J0@IKsaYYei.10763.16965
Download:	download sample
File size:	7'128'576 bytes
First seen:	2022-08-22 02:33:37 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	d812527b5988192695ea156eae610de1 (2 x RaccoonStealer)
ssdeep	196608:EpsBLwRLKqIdLudY5zQefpl2L/XDPoDjxBUP:K2URLKLdvzBzIDUjxOP
Threatray	82 similar samples on MalwareBazaar
TLSH	T11676337756811150E5E6C83A85277DEC72F702368780E838B9DBAAC03E279F6E5139C7
TrID	32.2% (.EXE) Win64 Executable (generic) (10523/12/4) 20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 15.4% (.EXE) Win16 NE executable (generic) (5038/12/1) 13.7% (.EXE) Win32 Executable (generic) (4505/5/1) 6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

324

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

SecuriteInfo.com.Trojan.Heur2.@J0@IKsaYYei.10763.16965

Verdict:

Suspicious activity

Analysis date:

2022-08-22 02:39:27 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/89555dd5-8148-4b13-8c9b-b1a3cc050014

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/300100/

Detection(s):

SecuriteInfo.com.Trojan.Heur2.@J0@IKsaYYei.10763.16965.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Сreating synchronization primitives

Launching a process

Sending a custom TCP request

Enabling autorun by creating a file

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/29603/overview

Behaviour

MalwareBazaar

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

packed shell32.dll

Link:

https://www.filescan.io/uploads/6302eb5ec7e5977f84e4579c/reports/393e6970-1127-4315-8a8c-f5fe2ab7e723/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/eae8f445-b588-402e-8c3d-56bf1c681600

Result

Threat name:

Clipboard Hijacker

Detection:

malicious

Classification:

spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1055237

Signature

Antivirus / Scanner detection for submitted sample

Hides threads from debuggers

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

PE file contains section with special chars

Query firmware table information (likely to detect VMs)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Tries to evade analysis by execution special instruction (VM detection)

Uses schtasks.exe or at.exe to add and modify task schedules

Yara detected Clipboard Hijacker

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f7f0261df8a81b3c20be78b7648aa46cdba62f08e9e770aa0c4e9fbe8d52624f/

Threat name:

Win32.Trojan.Tiggre

Status:

Malicious

First seen:

2022-08-21 18:19:11 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

22 of 40 (55.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=67ycmhpyvantyif6pc3wjcventn2mlyi5htxbkqmj2p35dksmjhq._file

Verdict:

malicious

06cd1b17015926da3c902f7b67e130054e9170f355a1cdf1274ddc955f4152ee

595a5d21b386ba8e30b567cbe575b24ed104ee589037a48aa2d277452ba0b6a6

6b8dac8326076b76369a8eb4e316a86a7663b597aeffe89b35e86c02aa5df4c0

6c4bfcef3dff8cb37c8fd96dc027a6df5b875e140b2b5f1f7b95764b7cae61c9

72da013062ea0fd8acf955c4517f8998fef0f6f6d467c9610f8d9b5f77169f57

ba9b4ed1a5f1e4f658430f393969f1b6a602c5534d745ad3f12fae35cf2a64d1

f072f7896731668ac389aa1d7da8c1d12a858bcf58b6ef8d023ffa78ef3f4023

+ 72 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/220822-c2fbqahgcq/

Behaviour

Creates scheduled task(s)

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of NtSetInformationThreadHideFromDebugger

Unpacked files

SH256 hash:

fd3b85de1145957a7fc01ca55e4066ca6299f31ef1a20bddbe471deb02b32c28

MD5 hash:

0e438d5d3786014f0c640f77613480a2

SHA1 hash:

e2c350ab4be01bf166f34d2bbc5971601260447f

Link:

https://www.unpac.me/results/cab37041-d131-44bf-9caf-5fd1a9c6cfee/

SH256 hash:

f7f0261df8a81b3c20be78b7648aa46cdba62f08e9e770aa0c4e9fbe8d52624f

MD5 hash:

93045fd9bfbc4235ac1323459de2ca51

SHA1 hash:

1907b89238e366df8d28b2d047dfa392d79c1bca

Link:

https://www.unpac.me/results/cab37041-d131-44bf-9caf-5fd1a9c6cfee/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/f7f0261df8a8/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/f7f0261df8a81b3c20be78b7648aa46cdba62f08e9e770aa0c4e9fbe8d52624f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe f7f0261df8a81b3c20be78b7648aa46cdba62f08e9e770aa0c4e9fbe8d52624f

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2275010/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/300100/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample