MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d403f971f502d2423b11dcca6424edc460b6c290cb76107d7f36a37565791e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 3

SHA256 hash: 2d403f971f502d2423b11dcca6424edc460b6c290cb76107d7f36a37565791e8
SHA3-384 hash: 07f42c6094da6414b3faf9e774c9cc5ead44542282c32c8b6d85aea13b606887f442348398303a2a56da9346f75ba83a
SHA1 hash: cc7548652a02ca0c21717a761c3ff25f79431688
MD5 hash: ee6f8db69daa384d15c3a945e0bc9481
humanhash: march-double-stream-alabama
File name: 2d403f971f502d2423b11dcca6424edc460b6c290cb76107d7f36a37565791e8
File size: 2'413'568 bytes
First seen: 2020-06-03 09:04:42 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: baa93d47220682c04d92f7797d9224ce (139 x RiseProStealer, 26 x Xtrat, 18 x CoinMiner)
ssdeep: 49152:B52yUki4g8iKp2NaE9VSoDxfGgbUEnBNdG38POUnDjcTB8MI2bG0L:BbBVqai0BYdG38Px0B8ZX0L
Threatray: 61 similar samples on MalwareBazaar
TLSH: E0B53354B437B82BE6594EFDB2C7DAA08764C929294A7D520FD9380F593C73F4EC2908
Reporter: raashidbhatt
Tags: exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Phpw
Status: Malicious
First seen: 2020-06-03 10:46:18 UTC
AV detection: 22 of 31 (70.97%)
Threat level: 2/5

Result
Malware family: n/a
Score: 9/10
Tags: evasion

Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks BIOS information in registry
Identifies Wine through registry keys
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments