YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash d1ff7ff26271bb7af7f4a464493994cc6d62de4e105898c0306d27e95120bb02.

SHA256 hash:	d1ff7ff26271bb7af7f4a464493994cc6d62de4e105898c0306d27e95120bb02
File size:	11'227'136 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	eec89314d388ea1e4ef6934f1942c779
SHA1 hash:	a4a3907cbf907d894ff663c20d7fb9f450b26ed2
SHA3-384 hash:	04dbb47ca174fa1e45954884417f0cd897d1d02db07235236f8375ad2497667a287cb3a6d0e692cb9c7bf21aa403b5f8
First seen:	2022-07-26 11:27:49 UTC
Last seen:	Never
Sightings:	1
imphash :	0901266657d602fff9c7d9a865574642 Create hunting rule
ssdeep :	196608:yMCoDTKxIijKJnEGW3jj7mqhtSnqfB3tUtWVSpWSjz3sZggvR0K1:ydxIXJniSgtfPU0SpWS/g51
TLSH :	T123B623B362610196E0E5CC3A8537BDE131FB43078B42ACBB75DF6AC125225E4E327697 Create hunting rule
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

No matches

The following YARA rules matched on the file (static analysis).

Rule name:	INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore Create hunting rule
Author:	ditekSHen
Description:	Detects executables containing SQL queries to confidential data stores. Observed in infostealers
TLP:	TLP:WHITE
Repository:	diˈtekSHən

Rule name:	RaccoonV2 Create hunting rule
Author:	@_FirehaK <yara@firehak.com>
Description:	This rule detects Raccoon Stealer version 2.0 (called Recordbreaker before attribution). It has been spotted spreading through fake software cracks and keygens as far back as April 2022.
TLP:	TLP:WHITE

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2022-07-26 11:27:49 UTC Static: 2 Unpacker: 0 ClamAV: 0