MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2882a3ea96a1a8ecb97c338a9903d110b1f2859bd424e6e34153667b29d876c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	2882a3ea96a1a8ecb97c338a9903d110b1f2859bd424e6e34153667b29d876c8
SHA3-384 hash:	4bbaa97e30c4a3e6c7384d93421c1b8462a13874ac27e6bce3938be23151c07d06399299f8452791bdb1124427d8e88a
SHA1 hash:	b7b14c8582c2cc3e9dbb39b41b30d9e486a3068a
MD5 hash:	c9e4c8c907fee4a6198be915096a3514
humanhash:	mockingbird-coffee-oscar-equal
File name:	2882a3ea96a1a8ecb97c338a9903d110b1f2859bd424e6e34153667b29d876c8
Download:	download sample
File size:	2'075'884 bytes
First seen:	2020-06-03 09:42:44 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	2eabe9054cad5152567f0699947a2c5b (2'852 x LummaStealer, 1'312 x Stealc, 1'026 x Healer)
ssdeep	49152:xvf6MKhTI5IJ9q+OKBhkjT32wfhp3HQt8OY3Ya:xtKhTI5IJY1jrv2WOMYa
Threatray	12 similar samples on MalwareBazaar
TLSH	18A5D0BA2C3950D6EC0A38FEC7D752CF454DB6AC59CF370226505E67430E4ADA1A1BB2
Reporter	raashidbhatt
Tags:	exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

56

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.EXE.Obfus-4.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Zusy

Status:

Malicious

First seen:

2020-06-04 00:46:00 UTC

AV detection:

27 of 31 (87.10%)

Threat level:

2/5

Verdict:

malicious

Similar samples:

17c1432427baae5d78a79ec3b031e7bd1cccdd7aa87f8334d828ed15669b8337

2a8b84761200ff05a63ccc2f2f8d2d95e55bacbf3dfa425b6d0a1d0228fb8078

3e033f4fa5d62a4e9b5eb35d21b2859adbfd67411bd9c1be212c4a5de26afddb

5e65e89ec413345a3e2b5476b6e639423e955aa3a34e36d82d621ed15e53383e

6057a10b27aebb92f7d961ce23929dc41579f6da1dcbf28572d8c5f0ffac488b

632562060da02f7ed5e92b1fe1bd94ce8d993cb134e93f8294beade2f0f42974

739d40c80783a52ae341907b2996cac8a4a51189c176d9e3270a74c3e9d7779b

758c9e9642b467c181548b07d7d47e32e2e37ce7298e0d89674fdbcbe13eb50e

ef9a7d180675555b686e1c20b4a361bba647fb1b9248fb0b83ca034a6ddb6755

f5f22da770bfd33da2fa26f353f66a96cb4fa0304b885949db4b2b50113b090a

+ 2 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

evasion persistence

Link:

https://tria.ge/reports/201109-v7cswgexye/

Behaviour

Creates scheduled task(s)

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Drops file in Windows directory

Drops file in System32 directory

Modifies service

Suspicious use of NtSetInformationThreadHideFromDebugger

Adds Run key to start application

Checks BIOS information in registry

Identifies Wine through registry keys

Loads dropped DLL

Executes dropped EXE

Identifies VirtualBox via ACPI registry values (likely anti-VM)

ServiceHost packer

Modifies visiblity of hidden/system files in Explorer

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample