MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f9fa7707c2b699b79b0fe5948d0de10e4242220c0fd7c76062cf46fcb53f44ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f9fa7707c2b699b79b0fe5948d0de10e4242220c0fd7c76062cf46fcb53f44ae
SHA3-384 hash: fd53573f30a1e779b9c03cdc2e366e8bd1bafc3aad8068b49fde604e09ddf9bbbaa90e94c81b10a7877906dd2c4a0035
SHA1 hash: e2b8a8b51c349e8c320774dab4b9dfa5ebc11742
MD5 hash: f43ab0f92340b89c74af85b624672dbe
humanhash: cold-mike-fruit-lemon
File name:SecuriteInfo.com.W32.AIDetect.malware1.30948.23503
Download: download sample
File size:353'792 bytes
First seen:2021-03-11 12:43:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9c2408c4e289059dc1f7339d62dec625 (2 x RaccoonStealer, 1 x Formbook)
ssdeep 6144:GXqM9G5eUxod6dBI25h+LWKd8akIqX1Xxv6rEO5+Vo7o3Q:GX9Y5eUxo6BIO8Sis96Ay/
Threatray 26 similar samples on MalwareBazaar
TLSH EC74AF10BBE0D434F6B612B88A75C3B96739BDB06B2495CF52D52BEA56742E0EC30317
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
135
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.W32.AIDetect.malware1.30948.23503
Verdict:
Suspicious activity
Analysis date:
2021-03-11 12:44:13 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/de162331-e104-4052-ad26-2e77f109da3e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/123795/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware1.30948.23503.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Creating a window
Sending a UDP request
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/636810
Signature
Delayed program exit found
Detected unpacking (overwrites its own PE header)
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f9fa7707c2b699b79b0fe5948d0de10e4242220c0fd7c76062cf46fcb53f44ae/
Threat name:
Win32.Dropper.Scrop
Create hunting rule
Status:
Malicious
First seen:
2021-03-11 11:33:34 UTC
AV detection:
17 of 28 (60.71%)
Threat level:
  3/5
Verdict:
malicious
Similar samples:
28ddbac06dfbd1d0e8240b60dd28693b2e8ce8ddd1f0cac4bcf9f3d51f2a0ac7
6bfb41ac8df840797e06a7da047dd349e7c4dbf75804f4ef2f3a9eb06daa2e38
8cec146d7a7b594cf7748b35c63ea1fed2c994ef2cdbb5731f1b15d9c9fa1ee3
a06a77bd973a602f49aff3fa3a116c62d38f0e0c1842e9dca97531a68d1a3884
a356d92ade4d8d537ea6dfabe765d4cd2ff851faae1d4551b91e50b47aac216f
c84d98524bf72eac034a406063c9d25b3bceb254d3d03f1d68e018320c2fb506
c8a30abef2939b6c3b6193feffbaf8ba4a87c79fc32e71b10b94bbdb8e1e238f
eca5123a9c6fac8fa6d93a9f12ed7009ab816177eeb100e5ff27c3b4ff79d4a2
f5acccf9cda0f0ff2063de3983bc8964b9020d30feff2e3a8b20800d3c4fe034
fc2a8472021c1f37e7ba14fd51259d37d10bd030ecd33134ebf42d3279ab860a
+ 16 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210311-xl5xrc9lre/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops startup file
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
a56d515897f4d9d336602a1809949629f0e79e1fa0d55154b3b1121fb6138085
MD5 hash:
b3d3f51c4249eeaa7d5245ea4f8c7460
SHA1 hash:
2a3627e3aeeab195eec76c2a65394d178c954f9f
Link:
https://www.unpac.me/results/1563948d-a1d4-406b-8007-cde545869d30/
SH256 hash:
f9fa7707c2b699b79b0fe5948d0de10e4242220c0fd7c76062cf46fcb53f44ae
MD5 hash:
f43ab0f92340b89c74af85b624672dbe
SHA1 hash:
e2b8a8b51c349e8c320774dab4b9dfa5ebc11742
Link:
https://www.unpac.me/results/1563948d-a1d4-406b-8007-cde545869d30/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f9fa7707c2b699b79b0fe5948d0de10e4242220c0fd7c76062cf46fcb53f44ae

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe f9fa7707c2b699b79b0fe5948d0de10e4242220c0fd7c76062cf46fcb53f44ae

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1061031/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/123795/

Comments