MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f898e35329ae242f1f8c0e64efde783e9742671336598ad9824073decae40f4a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f898e35329ae242f1f8c0e64efde783e9742671336598ad9824073decae40f4a
SHA3-384 hash: 274f9d029b0c5ce4af52a9cd61d6d235c814d4e1a8f0cf4966fad0d6c471994e0c884fcc3b750719c794f5dec0fcdd64
SHA1 hash: eac9ca0ee7a9793b5d419c61f48660c7d7e7c1c4
MD5 hash: 58c04f58f473da2670fc487cd2bb4906
humanhash: helium-missouri-nitrogen-alpha
File name:58c04f58f473da2670fc487cd2bb4906.exe
Download: download sample
File size:588'288 bytes
First seen:2022-03-26 06:46:37 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e8b02652dda4770f34817322f629975c (3 x Smoke Loader, 3 x Worm.Ramnit, 2 x RedLineStealer)
ssdeep 12288:uPaY0U4t3vD6JGQxvsVuKLevOnV/zNuxTxjc34u:40vZeh1sMUBnBsxdjcd
Threatray 54 similar samples on MalwareBazaar
TLSH T19DC4F110BB90C035E1B761F4497AD3AC793E7EB16B6454CB22E25AEA42345E0FC3235B
File icon (PE):PE icon
dhash icon b2dacabecee6baa6 (148 x RedLineStealer, 145 x Stop, 100 x Smoke Loader)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
216
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/257991/
Detection(s):
Win.Dropper.Generickdz-9939781-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
DNS request
Rewriting of the hard drive's master boot record
Result
Malware family:
n/a
Score:
  0/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/11498/overview
Behaviour
MeasuringTime
SystemUptime
EvasionQueryPerformanceCounter
EvasionGetTickCount
CheckCmdLine
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/623eb6fc9253b276b775a35f/reports/c4407826-6131-4b7f-8b96-ad611d812a8d/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Pitou
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/80925733-6f66-4f95-8bf6-51de62ffd37d
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/965040
Signature
Contains functionality to infect the boot sector
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f898e35329ae242f1f8c0e64efde783e9742671336598ad9824073decae40f4a/
Threat name:
Win32.Trojan.Raccrypt
Create hunting rule
Status:
Malicious
First seen:
2022-03-26 06:47:13 UTC
File Type:
PE (Exe)
Extracted files:
18
AV detection:
22 of 26 (84.62%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
29df2cefbc041241f2c2c3782682951d252633926b3929a927648cd3b55dc64b
2b7c46cb10900dd2840380802ed77aa77c337265cd9b3fcdeaf85361dc92525c
3c6d3d8d1d1cd0e7503c141e407c2d0f13f87b5b76dac2cff033baa027033e1c
770f8cd0cae0a7525234dfc5b25f21b90090513d3f80fa06e8c22107ca8bbe01
7e95736b12f455cd096c0eff4a9dfa5b4e3c8108c55464447868ba4351e91fbb
7f7d7ad866610022b5482e175cd7e2c655666aaefb4b5038ff524e7336b86825
a09cbb1704807a612702a6fd63c2c58d096da4c99034be7fc1d92bc5ef7bfc1b
b1a3602f2628080fa758575fba82bf62fd7de058055a9491f9eac87fda31a2e5
ce1ab55a70d98baf0f844e1bc21f376ff356ddb9067523f908315934c346737a
fae0a0d40cb12f14a4eeaee7171c948688bed15ec8718de8c65834023ecac97f
+ 44 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
bootkit persistence
Link:
https://tria.ge/reports/220326-hj9eqshdg7/
Behaviour
Writes to the Master Boot Record (MBR)
Unpacked files
SH256 hash:
e4525e11db14618785e204cb87842eb4f71a0dd3fde7508475254181daf4817c
MD5 hash:
7b1c1ce13434e6d54c42f3f9ac46d0e4
SHA1 hash:
77ebad305f9c6e0c02ac6414ec47924934624ba4
Link:
https://www.unpac.me/results/d63e95b2-c264-40c2-bbc6-c159e86e4483/
SH256 hash:
f898e35329ae242f1f8c0e64efde783e9742671336598ad9824073decae40f4a
MD5 hash:
58c04f58f473da2670fc487cd2bb4906
SHA1 hash:
eac9ca0ee7a9793b5d419c61f48660c7d7e7c1c4
Link:
https://www.unpac.me/results/d63e95b2-c264-40c2-bbc6-c159e86e4483/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/f898e35329ae/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f898e35329ae242f1f8c0e64efde783e9742671336598ad9824073decae40f4a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/257991/

Comments