MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd19f74934073d1fbd7801b6216c55857af494226b4627c7641e9332ded83c2b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fd19f74934073d1fbd7801b6216c55857af494226b4627c7641e9332ded83c2b
SHA3-384 hash: 5f0c36493c0d1b1f6ceecbf5df3e44e8fc27f490650e6169fb0766c892fe14afbc389dbe35c67c9326c58a2947f55c5f
SHA1 hash: 30b71f9176a4fc7f5983621fb1cf78e83221c6f5
MD5 hash: cdd1e74513490d49a0dfd8da1dc8fff7
humanhash: football-violet-william-skylark
File name:54 45 53 54.exe
Download: download sample
File size:8'152'386 bytes
First seen:2021-07-02 12:15:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash de1fa96ad5bc81910ffb7ed552e29d0d (1 x RedLineStealer, 1 x Gh0stRAT, 1 x Blackmoon)
ssdeep 196608:S2ZzguBQ8IvfVilWy9K+8OgJLcvHXPp10ia1p8Xxq022t:SXEAalAigJLiAiIp8Bq022t
TLSH 1A86334AD9D96439D1652E7CAC06A38F2F74BE140C03D15FEBE8AF0F1C798C54668AC6
Reporter Anonymous
Tags:exe


Avatar
Anonymous
Retrieved from http://enderkitty.net/54%2045%2053%2054.exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
100
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
54 45 53 54 (1).rar
Verdict:
Malicious activity
Analysis date:
2021-04-15 08:39:06 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/433d9f8e-d20a-4e64-b4c8-3390cbc84bb9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/169369/
Detection(s):
Win.Malware.Johnnie-6858836-0
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
MadoMiner
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/410d4df4-bb3c-4326-b56b-fc92716b7d75
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/811079
Signature
Deletes itself after installation
Drops batch files with force delete cmd (self deletion)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Copying Sensitive Files with Credential Data
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 443490 Sample: 54 45 53 54.exe Startdate: 02/07/2021 Architecture: WINDOWS Score: 68 47 Multi AV Scanner detection for dropped file 2->47 49 Multi AV Scanner detection for submitted file 2->49 51 Drops batch files with force delete cmd (self deletion) 2->51 53 Sigma detected: Copying Sensitive Files with Credential Data 2->53 8 54 45 53 54.exe 1 28 2->8         started        process3 file4 29 C:\Users\user\AppData\Local\...\xsfxdel~.exe, PE32 8->29 dropped 31 C:\Users\user\Desktop\...\2.bat, DOS 8->31 dropped 33 C:\Users\user\Desktop\...\1.bat, DOS 8->33 dropped 35 11 other files (none is malicious) 8->35 dropped 11 cmd.exe 1 8->11         started        13 xsfxdel~.exe 8->13         started        process5 signatures6 16 xcopy.exe 2 11->16         started        20 cmd.exe 1 11->20         started        22 conhost.exe 11->22         started        55 Deletes itself after installation 13->55 process7 file8 27 C:\Users\user\Desktop\2.bat, DOS 16->27 dropped 45 Drops batch files with force delete cmd (self deletion) 16->45 24 xcopy.exe 23 20->24         started        signatures9 process10 file11 37 C:\Users\user\AppData\Local\...RR0R422.exe, PE32 24->37 dropped 39 C:\Users\user\AppData\Local\...\lwjgl64.dll, PE32+ 24->39 dropped 41 C:\Users\user\AppData\Local\...\lwjgl.dll, PE32 24->41 dropped 43 7 other files (none is malicious) 24->43 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fd19f74934073d1fbd7801b6216c55857af494226b4627c7641e9332ded83c2b/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-01-26 20:04:32 UTC
AV detection:
10 of 29 (34.48%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  9/10
Tags:
upx
Link:
https://tria.ge/reports/210702-bw251181a2/
Behaviour
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Deletes itself
Loads dropped DLL
Executes dropped EXE
UPX packed file
ACProtect 1.3x - 1.4x DLL software
Unpacked files
SH256 hash:
fd19f74934073d1fbd7801b6216c55857af494226b4627c7641e9332ded83c2b
MD5 hash:
cdd1e74513490d49a0dfd8da1dc8fff7
SHA1 hash:
30b71f9176a4fc7f5983621fb1cf78e83221c6f5
Link:
https://www.unpac.me/results/1aad534e-c92f-4bfb-9320-b63fc98ab7b5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fd19f74934073d1fbd7801b6216c55857af494226b4627c7641e9332ded83c2b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe fd19f74934073d1fbd7801b6216c55857af494226b4627c7641e9332ded83c2b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1419510/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/169369/

Comments