MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff4ce1d3f5505f474fe7ccd88f0bb67146d90be5e64c22d3147fd9d098a635b8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ff4ce1d3f5505f474fe7ccd88f0bb67146d90be5e64c22d3147fd9d098a635b8
SHA3-384 hash: 6c8b9cdc04537fb123639c73f66228bc83368259a3eb317fa1dee20301da0a7e9ede03bd2f2d646b5f254d51cb91433d
SHA1 hash: f967d0e10292e69e05efffaa48c53c035f3afdd2
MD5 hash: 2ae1e4efb0e6e1d25a62346450605d36
humanhash: eighteen-zulu-colorado-speaker
File name:2ae1e4efb0e6e1d25a62346450605d36.exe
Download: download sample
File size:5'348'648 bytes
First seen:2022-02-08 18:49:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fcf1390e9ce472c7270447fc5c61a0c1 (863 x DCRat, 118 x NanoCore, 94 x njrat)
ssdeep 98304:2lCZZk/Ydm8IEun9OFWZb2rgD7gDTtzOaqrAqGGrSc7Fo6NZRAJF6vinST:SCgqAb2MvgDnqrA327fRAJlnST
Threatray 1'441 similar samples on MalwareBazaar
TLSH T155363331F956CCF1E67411392524EA92A87F7E202F24C68E534CB05959F37818BE8F6B
File icon (PE):PE icon
dhash icon dd6e339fe75b332d (3 x RedLineStealer, 2 x CoinMiner)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
153
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/238497/
Detection(s):
SecuriteInfo.com.Gen.Variant.Razy.582340.18684.14597.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Searching for the window
Сreating synchronization primitives
Searching for synchronization primitives
Creating a file in the %temp% subdirectories
DNS request
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/6396/overview
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
greyware overlay packed setupapi.dll shdocvw.dll shell32.dll update.exe
Link:
https://www.filescan.io/uploads/6202bbad845a69d7734eca60/reports/ac0f3466-c20f-458f-b7c5-846aa2d4bce6/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/b458a6ad-4355-4366-a270-36cb7925ad82
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/936529
Signature
Multi AV Scanner detection for submitted file
PE file has nameless sections
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ff4ce1d3f5505f474fe7ccd88f0bb67146d90be5e64c22d3147fd9d098a635b8/
Threat name:
Win32.Trojan.Casdet
Create hunting rule
Status:
Malicious
First seen:
2022-02-08 18:50:32 UTC
File Type:
PE (Exe)
Extracted files:
7
AV detection:
13 of 28 (46.43%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
051243b7e0082007493c576d3b896cbf3eeec3cf9572ee669ee0f4d7dca0570d
180c47dcded98430295ccb8e7bc11ccf74c5b524f36ff943e813abb374aee42c
66626e96234ecf2d900ee0fb9d1e74922d80e4438437c7424df04e0eb25a9e53
6836b39eb57f71a5dc4140f49c9b2cc26de967460c42faad48ef88eeb50ba674
7387dda5e2f645e2bdb9c2b366b4917a52a0535800580deb50f28e6790418ec9
dee5fa01f5f31868f131fb518880eae43324acc873b2c04f8bcd98bf771be3af
e9f1d411e9f40b3050fd6bec3caf316b0986bce3f8185b6529efc6586800fd4a
+ 1'431 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  4/10
Tags:
n/a
Link:
https://tria.ge/reports/220208-xgyb1sdbhr/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Drops file in Windows directory
Unpacked files
SH256 hash:
ff4ce1d3f5505f474fe7ccd88f0bb67146d90be5e64c22d3147fd9d098a635b8
MD5 hash:
2ae1e4efb0e6e1d25a62346450605d36
SHA1 hash:
f967d0e10292e69e05efffaa48c53c035f3afdd2
Link:
https://www.unpac.me/results/2c2a1857-fcbf-4b97-a9a7-79d36d2be045/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe ff4ce1d3f5505f474fe7ccd88f0bb67146d90be5e64c22d3147fd9d098a635b8

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1995759/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/238497/

Comments