MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f839282d220070e3ff6d1467515862a17dfda7afec2420ea6427106510375428. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f839282d220070e3ff6d1467515862a17dfda7afec2420ea6427106510375428
SHA3-384 hash: 962929496fc89e3905c4d844d6fd273bacfdd846de96e5019f6a27ec274fc974a4fbc288e62c5f726b3f0c918540de97
SHA1 hash: eef881cab8ac1b63047836ef9aabaf85d4c7f204
MD5 hash: 6c50fc84c420a224de621d2e2a38d7ac
humanhash: lake-comet-mike-july
File name:6c50fc84c420a224de621d2e2a38d7ac
Download: download sample
File size:316'928 bytes
First seen:2021-09-04 01:56:59 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 193b8a18b82d2d8f5b36c7239901d2c7 (4 x ArkeiStealer, 3 x Glupteba, 3 x Stop)
ssdeep 6144:SRKRFIS4kj3QLCaQXoAr+XJXMRgo3/RA+4JWQlXdMiQOC:NOS4kj3/aQ4AeJMRgY/RKJRtvQO
Threatray 405 similar samples on MalwareBazaar
TLSH T10664AE306691C039F1F721F859BA93B879297EA16B2490CF92C42AEE07346F5EC31757
dhash icon 8eb1ec9eb6dcf9a6
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
140
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
http://pcfullversion.net/advanced-bat-to-exe-converter-pro-crack/
Verdict:
Malicious activity
Analysis date:
2021-09-04 01:40:56 UTC
Tags:
opendir trojan loader rat redline stealer vidar evasion raccoon
Link:
https://app.any.run/tasks/35df2aed-0574-4904-abc0-9cf35377e933

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/185240/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
DNS request
Connection attempt
Sending an HTTP GET request
Running batch commands
Creating a process with a hidden window
Using the Windows Management Instrumentation requests
Searching for the window
Sending a UDP request
Launching a tool to kill processes
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/c50cbd20-1d1c-491c-b249-7f2d3edcf521
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/845108
Signature
Antivirus detection for URL or domain
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f839282d220070e3ff6d1467515862a17dfda7afec2420ea6427106510375428/
Threat name:
Win32.Trojan.Sabsik
Create hunting rule
Status:
Malicious
First seen:
2021-09-04 01:57:05 UTC
AV detection:
16 of 43 (37.21%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
0345355aeddf2ebfb4268ffbc6930eb25bd0a6ac7c29ec9392a3fa13cc9179c5
0fc23c2e005cdfed1a0380dd7a06dda83b882f8d392c7f157b783822d21d78a1
11adb6fd4fbcb8fe68033ff2bc3b8cc45b980c573f7c58be291383d5b95d6e41
2ff77816fa6b9e2fdbc630e06a003b09228f39887f8dfea7f8020d9346bd2324
719838a1192ae6b53966159da56635e7a05754eb017f2538ca3f82c580543280
9453ddc4bebb87a937e3d53d38c56814907b2862496142ccdb568f48caf2d467
d2d90f02ccd7c3fd1b46d667081529a1af8172e4a51feda461c8d250081c3548
e95fd4b1c20d7547466b404f5a9f00940e40e3c8421c3838b619adfa6bbcb4cb
+ 395 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/210904-cc9t2aghbq/
Behaviour
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Deletes itself
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
56bce56dd73e39bf34765ab7180df7f5603453dd849b42e711d23740e304cb75
MD5 hash:
217e82b4d3103941fb02b67d47618c89
SHA1 hash:
6b5a5b5f25eefaa6739b7cde771b09d5a8f62532
Link:
https://www.unpac.me/results/1ad748c3-cfb3-4400-9ca2-a80ca367b884/
SH256 hash:
f839282d220070e3ff6d1467515862a17dfda7afec2420ea6427106510375428
MD5 hash:
6c50fc84c420a224de621d2e2a38d7ac
SHA1 hash:
eef881cab8ac1b63047836ef9aabaf85d4c7f204
Link:
https://www.unpac.me/results/1ad748c3-cfb3-4400-9ca2-a80ca367b884/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/f839282d2200/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f839282d220070e3ff6d1467515862a17dfda7afec2420ea6427106510375428

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe f839282d220070e3ff6d1467515862a17dfda7afec2420ea6427106510375428

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/185240/

Comments


Avatar
zbet commented on 2021-09-04 01:57:00 UTC

url : hxxp://194.145.227.159/pub.php?pub=azed/