MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fc268662edbe596dd986f418d8a12e492040ed094f0ca43cd68471c632597fa5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fc268662edbe596dd986f418d8a12e492040ed094f0ca43cd68471c632597fa5
SHA3-384 hash: 75b135cb1c67b983566556e139d6c60d48fa8db517f09952a9e1fe6d8673ebb5651e07c6227ae8e853507a69edcb5e3e
SHA1 hash: db8f4df2904037a4b08e0a96d7227b3685c2c334
MD5 hash: 820ec2155e2a2c334dd481b13b46fc29
humanhash: happy-pasta-hotel-glucose
File name:Djiepy.exe
Download: download sample
File size:1'710'080 bytes
First seen:2022-10-24 11:38:04 UTC
Last seen:2022-10-30 07:17:54 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:sPWrzaDcT+gpOSr6ciOfCmT/bIIaf2p2eqmWSPM/TGtrq/I5+Ub+mIjDOcQRidHw:kYTiO+Im2p2VOnREW+XDO8JlZxNY
Threatray 3'124 similar samples on MalwareBazaar
TLSH T120857CF890BB04C6E8075DC1597CBDF6073232B38DE905D4137D7A484FAB9B9A948A4B
TrID 63.5% (.EXE) Win64 Executable (generic) (10523/12/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon 1f195b5a5b6f777f (12 x AgentTesla, 2 x AZORult, 2 x PureCrypter)
Reporter cocaman
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
185
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Djiepy.exe
Verdict:
No threats detected
Analysis date:
2022-10-24 11:38:30 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ce4d7705-7bca-40d0-a7be-0f2c5e3409ee

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/323359/
Detection(s):
SecuriteInfo.com.PUA.EmbeddedEXE-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Unauthorized injection to a recently created process
Creating a file
Sending a custom TCP request
DNS request
Using the Windows Management Instrumentation requests
Creating a file in the %temp% directory
Reading critical registry keys
Stealing user critical data
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f1e4dff9-cc54-475b-9468-c12ebe9816f2
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1096462
Signature
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Injects a PE file into a foreign processes
Machine Learning detection for sample
Modifies the context of a thread in another process (thread injection)
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Costura Assembly Loader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fc268662edbe596dd986f418d8a12e492040ed094f0ca43cd68471c632597fa5/
Threat name:
ByteCode-MSIL.Trojan.Scarsi
Create hunting rule
Status:
Malicious
First seen:
2022-10-24 04:49:19 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
5
AV detection:
21 of 26 (80.77%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7qtimyxnxzmw3wmg6qmnrijojeqeb3ijj4gkipgwqry4mmszp6sq._file
Verdict:
malicious
Similar samples:
431259109385ec63af8de3962a7439e71c9361c30051ac30febcda57114e201a
588572e37df45867b14d17b7892c5337ecce9e618b43ae6aae8ab187c35bbc92
64854c11c2c3c634f7d18cb2bcb8890edb99ef0361c07863225b4a47f74a0c8a
65974a49b0f427641f96866baacf2ab54717f613adc747812061bb05e4dde779
6d62cebf308b5ab873d98e0447c68f936bc34addeb924eb8ef972072ca13d4bf
8785300bc02bbf034417c477db91c121123b31b1eaf24fc0f74ee11e11ec058c
9c348075ed5b4586cb68c9d794189661b4bcb53c86eff81afd634e29ef9e8369
b78d348dc8a28e80d79acd9118ea488c502a18c30b211a03edd4cfd59715090f
dbd4736b621996ab0aecc24904d7e2df5180729f7b9944ff6c7d06daa0646bce
+ 3'114 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
collection spyware stealer
Link:
https://tria.ge/reports/221024-nr99wsgdfp/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Checks computer location settings
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
fc268662edbe596dd986f418d8a12e492040ed094f0ca43cd68471c632597fa5
MD5 hash:
820ec2155e2a2c334dd481b13b46fc29
SHA1 hash:
db8f4df2904037a4b08e0a96d7227b3685c2c334
Link:
https://www.unpac.me/results/1e56547f-02d2-4e87-a9eb-6dbdb8377286/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/fc268662edbe596dd986f418d8a12e492040ed094f0ca43cd68471c632597fa5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

z 53bb765933ff93db7984c118e047fa09e873e17010160245c27daca881c93da6

Executable exe fc268662edbe596dd986f418d8a12e492040ed094f0ca43cd68471c632597fa5

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 53bb765933ff93db7984c118e047fa09e873e17010160245c27daca881c93da6
Cape
Cape
https://www.capesandbox.com/analysis/323359/
  
Dropped by
MD5 d82f9e5de9aa8dae1fda64dfdc9060c4

Comments