MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff9e53c38643b8c4ce62c4e318fe364f6075731aa258b02d56eb64378761e36e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ff9e53c38643b8c4ce62c4e318fe364f6075731aa258b02d56eb64378761e36e
SHA3-384 hash: e6ab6433218b3a5c2409734064614a9a0e7a73dc467e2ec5f7ef01dd9f8a82ea1998c5e326d3263e063136303ba4c6db
SHA1 hash: 06d4ad157d822a8fa2b0aa04a3b2570e2ea0d9cb
MD5 hash: 17f9fef64c857ea80c788ac85e780f26
humanhash: fix-berlin-bulldog-maryland
File name:file
Download: download sample
File size:2'970'443 bytes
First seen:2023-12-10 21:06:43 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 94af7f0728c275a2ef6a6a6c552117f9
ssdeep 49152:B8lGRFuNzHwqFE5sBw16ivt5Ym/Wr7pEodoiAF3y5x7duWFoX6Iip7XB405f:B8cuNbwqFTwRtSm/8HyJyj7MWF8Ri5BV
Threatray 1'198 similar samples on MalwareBazaar
TLSH T138D533417CD8C4F6C977123087DB7FFC8AF683250F49859B6390094AEE39796E10EA69
TrID 38.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
20.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
13.0% (.EXE) Win64 Executable (generic) (10523/12/4)
8.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
File icon (PE):PE icon
dhash icon 848c5454baf47474 (2'088 x Adware.Neoreklami, 101 x RedLineStealer, 33 x DiamondFox)
Reporter andretavare5
Tags:exe


Avatar
andretavare5
Sample downloaded from https://IOIOUOIUOUOUIYJGROUP.SBS/setup294.exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
282
Origin country :
US US
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/464799/
Detection(s):
SecuriteInfo.com.Trojan.MulDrop11.51878.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Launching cmd.exe command interpreter
Сreating synchronization primitives
Launching a process
Sending a custom TCP request
Gathering data
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
installer lolbin overlay packed sfx shell32
Link:
https://www.filescan.io/uploads/657628773636548f3748ceb0/reports/29102623-dd4d-4f49-874d-fc69919deedd/overview
Verdict:
Malicious
Labled as:
Trojan/Zenpak
Link:
https://www.hybrid-analysis.com/sample/ff9e53c38643b8c4ce62c4e318fe364f6075731aa258b02d56eb64378761e36e
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Raspberry Robin
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/188b2120-eb21-44aa-a37b-4b7dba6992ff
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1357767
Signature
Antivirus detection for dropped file
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1357767 Sample: file.exe Startdate: 10/12/2023 Architecture: WINDOWS Score: 60 27 Antivirus detection for dropped file 2->27 29 Machine Learning detection for sample 2->29 31 Machine Learning detection for dropped file 2->31 33 PE file contains section with special chars 2->33 10 file.exe 3 2->10         started        process3 file4 25 C:\Users\user\AppData\Local\...\aFXlzSyH.Cpl, PE32 10->25 dropped 13 cmd.exe 3 2 10->13         started        process5 process6 15 control.exe 1 13->15         started        17 conhost.exe 13->17         started        process7 19 rundll32.exe 15->19         started        process8 21 rundll32.exe 19->21         started        process9 23 rundll32.exe 21->23         started       
Score:
94%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/ff9e53c38643b8c4ce62c4e318fe364f6075731aa258b02d56eb64378761e36e
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ff9e53c38643b8c4ce62c4e318fe364f6075731aa258b02d56eb64378761e36e/
Threat name:
Win32.Trojan.CrypterX
Create hunting rule
Status:
Malicious
First seen:
2023-12-10 22:26:40 UTC
AV detection:
17 of 37 (45.95%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=76pfhq4gio4mjttcytrrr7rwj5qhk4y2ujmlalkw5nsdpb3b4nxa._file
Verdict:
unknown
Similar samples:
38cb682434ca27e46d28f7ef1cad2d013e4ead308df1ec54be24df365b1d8e44
8774dd5ae5bcc91c114321cc215b7fcf5615d614000ee966e2d7e1d1aa8efb70
a097aa64b069e4892760f90bd2ac353639d74e850f0b2005fe5ed370c3fc37dc
b586cd5cc5bbadea857316df1beef274e754c31be660ea66a411c55510cb17ec
f2032c85b0d5825e4da9fc5ca41706c6830f1eab076327c6f0f2e663053f9066
ff9e53c38643b8c4ce62c4e318fe364f6075731aa258b02d56eb64378761e36e
+ 1'188 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/231210-zyandscdhn/
Behaviour
Modifies registry class
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Loads dropped DLL
Unpacked files
SH256 hash:
ff9e53c38643b8c4ce62c4e318fe364f6075731aa258b02d56eb64378761e36e
MD5 hash:
17f9fef64c857ea80c788ac85e780f26
SHA1 hash:
06d4ad157d822a8fa2b0aa04a3b2570e2ea0d9cb
Link:
https://www.unpac.me/results/533d4efd-7cff-45de-a7b3-0ba588e34ff9/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
  
URLhaus
https://urlhaus.abuse.ch/url/2738653/
  
URLhaus
https://urlhaus.abuse.ch/url/2738682/
Cape
Cape
https://www.capesandbox.com/analysis/464799/

Comments