MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ba1c6028593abc20b0f03b311123293b2503db0c76be21880dd26493fa0706f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 2ba1c6028593abc20b0f03b311123293b2503db0c76be21880dd26493fa0706f
SHA3-384 hash: 53c7221ff9bac89360d7bff96b99131e8536b9e7890a69ac95f86963ba594dabbbf1b989c20c8c7723e833ebb8cdbd8b
SHA1 hash: be2ef22941dd50d3a096811422d90a28ae48d54f
MD5 hash: 9b68fec360f13225cc8af186b4cf044c
humanhash: delaware-black-echo-potato
File name: a3c34cc.exe
Signature: n/a
File size: 1'171'456 bytes
First seen: 2020-06-30 02:12:13 UTC
Last seen: 2020-06-30 02:44:18 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash 6ed4f5f04d62b18d96b26d6db7c18840
ssdeep 12288:GeYpkp4bZ+HEQh9I+m49PKb8HnwBlhqKnVap0pUhp/U/z:GrkybZ+HEQhC+m49PKb8HwBfMk7
TLSH A845F747BCE248BDE53DF270599246613633BC64033367C71B8865E91ABAFA47E2D324
Reporter: @James_inthe_box
Tags: exe

Intelligence


Mail intelligence: No data
# of uploads: 2
# of downloads: 36
Origin country: US
CAPE Sandbox Detection: n/a
Link: https://www.capesandbox.com/analysis/16749/
ClamAV: SecuriteInfo.com.BackDoor.Meterpreter.115.27278.11840.UNOFFICIAL
CERT.PL MWDB Detection: n/a
Link: https://mwdb.cert.pl/sample/2ba1c6028593abc20b0f03b311123293b2503db0c76be21880dd26493fa0706f/
ReversingLabs Status: Malicious
Threat name: Win64.Trojan.Rozena
First seen: 2020-06-30 02:11:22 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 2/5
Hatching Triage Score: 1/10
Malware Family: n/a
Link: https://tria.ge/reports/200630-z5vzhss1cj/
Tags: n/a
VirusTotal results: 22.54%

Yara Signatures


Rule name: suspicious_packer_section
Author: @j0sm1
Description: The packer/protector section names/keywords
Reference: http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
