MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f8ffa7ba17306839ea6e2c40602c3ca5b459b8975f33580e5442af99f374fe1a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8



SHA256 hash: f8ffa7ba17306839ea6e2c40602c3ca5b459b8975f33580e5442af99f374fe1a
SHA3-384 hash: 88956035b3f1fdc70d18c5d055f7e89c65ac2df1016d2fb42a133fb584d2ee25a73284328616fdf25dba80c48358564b
SHA1 hash: 77490d8d9bd8455ed7b8f96e2030455ad3f58454
MD5 hash: dbe9fd937874dc0dd3440409f7925179
humanhash: juliet-eleven-wisconsin-fifteen
File name: SecuriteInfo.com.Trojan.Click3.26976.1393.23334
File size: 96'257 bytes
First seen: 2023-04-29 17:27:44 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
ssdeep 1536:SmzZrba2V1w+wCdIv4WQzWW8E3YtGJvLwZsscLNbIPLBatXNOnh:S6d7UvViW5E3YktMZssWNklat0nh
Threatray 20 similar samples on MalwareBazaar
TLSH T15E93AEFDF57AE925C48ED53A4C88C258A42AADB1FD248C5B70F2F77F103294858C662D
dhash icon a2b2aab292aab2a2
Reporter SecuriteInfoCom
Tags: exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 258
Origin country: FR
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: SecuriteInfo.com.Trojan.Click3.26976.1393.23334
Verdict: Suspicious activity
Analysis date: 2023-04-29 17:34:22 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% directory
Creating a file
Creating synchronization primitives
Creating a window
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: overlay packed
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Generic Malware
Verdict: Malicious
Result
Threat name: n/a
Detection: malicious
Classification: n/a
Score: 42 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Behaviour
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Enumerates physical storage devices
Loads dropped DLL
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: SUSP_Imphash_Mar23_3
Author: Arnim Rupp (https://github.com/ruppde)
Description: Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
Reference: Internal Research

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments