MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 21989a16f64302716a565599f469f5a97fb4a1b14ff6ed1896d2650866e12d6c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash: 21989a16f64302716a565599f469f5a97fb4a1b14ff6ed1896d2650866e12d6c
SHA3-384 hash: 0fc191e7c404db818bdac589d7670414bfdf7d2f204014ba634497f49c9516e3822cbb7fc243f44bbc8d4c29e511b396
SHA1 hash: d566450d11dff5ac3611c4215b28fef2a14a0d8c
MD5 hash: 5c09c68b5bb3996f903218bc0e101025
humanhash: whiskey-delaware-nebraska-violet
File name: kpryt.bin
Signature: n/a
File size: 567'296 bytes
First seen: 2020-07-31 13:23:12 UTC
Last seen: 2020-07-31 13:57:22 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: 7658fa23ac9e3f8896f3726747393f18
ssdeep: 12288:FgauDJjeviPILmzXPQb6HZBTPNvAy1We8Nng1LKhks2sn6473Y+6Ob6OmQ0:aauDJj6iPILmzXPQb66K8NQKhksUEYj7
TLSH: 0FC4AE11B6C1C072D43F01301D6ABB602AAEBC710C68559B6BD8767F5FB1581EB23B6B
Reporter: @JAMESWT_MHT

Intelligence

File Origin
# of uploads: 2
# of downloads: 37
Origin country: IT
Mail intelligence: No data

Vendor Threat Intelligence

Result
Threat name: Unknown
Detection: suspicious
Classification: evad
Score: 25 / 100
Behaviour
Behavior Graph (ID 255384): sample kpryt.bin, start date 31/07/2020, architecture WINDOWS, score 25. Process tree: loaddll32.exe started rundll32.exe (two instances). Signature flagged: contains functionality to detect virtual machines (IN, VMware).
Threat name: Win32.Trojan.Predator
Status: Malicious
First seen: 2020-07-31 13:25:20 UTC
AV detection: 17 of 31 (54.84%)
Threat level: 5/5
Result
Malware family: donot_downloader
Score: 10/10
Tags: rat family:donot_downloader
Behaviour:
Suspicious use of WriteProcessMemory
Modifies system certificate store
Blacklisted process makes network request
Donot APT Downloader

Threat name: Dropper
Score: 0.80

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Comments