MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb4e1ee6f7fb1b22dd7b4f011ffadab81337cfe2d8171219b49df67e814ce5ef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fb4e1ee6f7fb1b22dd7b4f011ffadab81337cfe2d8171219b49df67e814ce5ef
SHA3-384 hash: cdd51c6e0d176a19cfc68418eef71e2078f81dbc13335af88aad04c94003ed585c01259331d9b4f9102a89a7d173eef2
SHA1 hash: 4aaf5438a6e765af5e7bc370d4245ee5678dee65
MD5 hash: 2db0b5a09292133e794322cb14639b2c
humanhash: leopard-kansas-sodium-iowa
File name:2db0b5a09292133e794322cb14639b2c
Download: download sample
File size:682'440 bytes
First seen:2021-10-07 21:21:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fcf1390e9ce472c7270447fc5c61a0c1 (863 x DCRat, 118 x NanoCore, 94 x njrat)
ssdeep 12288:8zxzTDWikLSb4NS7ET+tG1XbHaawAphVGc+rxanaDN7OjeQ1:6DWHSb4Nhh6iVGc+rxanSOyC
Threatray 997 similar samples on MalwareBazaar
TLSH T113E40102FDC185B2D5610C36156AAB51697DBD201F24CEEBB3D86E2DE9311D0BB30BA7
File icon (PE):PE icon
dhash icon 9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
243
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
2db0b5a09292133e794322cb14639b2c
Verdict:
Malicious activity
Analysis date:
2021-10-07 21:24:36 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ce0b9932-6e69-4301-bce6-b43444023445

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/195968/
Detection(s):
SecuriteInfo.com.Gen.Variant.Razy.582340.18684.14597.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Searching for the window
Enabling autorun by creating a file
Gathering data
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/2e1a2b71-ecc0-4422-8826-6b0a966c3379
Result
Threat name:
Unknown
Detection:
malicious
Classification:
adwa
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/866715
Signature
Antivirus detection for dropped file
Drops PE files to the startup folder
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fb4e1ee6f7fb1b22dd7b4f011ffadab81337cfe2d8171219b49df67e814ce5ef/
Threat name:
Win32.Hacktool.Pucrpt
Create hunting rule
Status:
Malicious
First seen:
2021-10-04 20:27:53 UTC
AV detection:
27 of 45 (60.00%)
Threat level:
  1/5
Verdict:
malicious
Similar samples:
6a0d05477e23fc1152067fc51d50a044bccf0e0a0654dbae1864df792400e935
88771c803925c9b53a6eeedbf38e34bbb20cc6ab5861ca8789b1efbdda0cbbb2
a5e7fc18a5e344a7f398d03f8b4e2cf0f2579e4d70c90915376e066cec01505a
aaa3cda8d3f4bc7ff94a3e4f0fd37aced9d484b663bc15f198e6e25482f60443
b97c0637f9e4666bc0c4875a83f3224b241056be6fd34b32c52911bcf5841195
be163731cfe152309f2f36332968aa275edef44ede0544d9fa37d26ce530cb77
c310aca2959669fdb69fdec4c1336353d84b7ae9b8767a1086be3591b4af32f0
cd80318bc4c724934435231e72cbf7cbf5942df8b36e480603237e2ed08d4a93
d684eb2255665b6953a3ce3f23721d4130987ffa61ad69482fd706392ab9bf3e
e3df75eda0f3fff88f4ab98a687f7ec50b1adde27dbb1bb0947f96892eebf493
+ 987 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/211007-z7wxzsdbcl/
Behaviour
Drops startup file
Unpacked files
SH256 hash:
26d2c7f88a43271e2de4ab6cb2460ae11a6fe43d66aed3df12acdda3dbcdd79f
MD5 hash:
28fdb9acd5f7b528c3a0752f4615dcf9
SHA1 hash:
bce4325e69902bf1b1a2d9e3924b5b4ced9291ca
Link:
https://www.unpac.me/results/1a7a8b25-9431-4f23-87bf-b1e92416b71e/
SH256 hash:
fb4e1ee6f7fb1b22dd7b4f011ffadab81337cfe2d8171219b49df67e814ce5ef
MD5 hash:
2db0b5a09292133e794322cb14639b2c
SHA1 hash:
4aaf5438a6e765af5e7bc370d4245ee5678dee65
Link:
https://www.unpac.me/results/1a7a8b25-9431-4f23-87bf-b1e92416b71e/
Malware family:
RedLine.B
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/fb4e1ee6f7fb/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fb4e1ee6f7fb1b22dd7b4f011ffadab81337cfe2d8171219b49df67e814ce5ef

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe fb4e1ee6f7fb1b22dd7b4f011ffadab81337cfe2d8171219b49df67e814ce5ef

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1660206/
Cape
Cape
https://www.capesandbox.com/analysis/195968/

Comments


Avatar
zbet commented on 2021-10-07 21:21:52 UTC

url : hxxp://f0565382.xsph.ru/SteamWebHelper.exe