MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4d9b89978e6ca9cf14cb1f04859e01e66c1e0dbefedd1663617647535c0b3fa0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 4d9b89978e6ca9cf14cb1f04859e01e66c1e0dbefedd1663617647535c0b3fa0
SHA3-384 hash: da4f566f87311dca74a67eea89327c6bae37f979b5ea426bc9e2a5f9a357d2cf5e3c422a9036dd57ecac31490eca2aed
SHA1 hash: fa6211beaef017f73ae710c1ba8582ebbe4ddc31
MD5 hash: e14e62f1bf4741cf29cab1d49420fe4e
humanhash: four-east-nebraska-snake
File name: 4d9b89978e6ca9cf14cb1f04859e01e66c1e0dbefedd1663617647535c0b3fa0
File size: 2'392'576 bytes
First seen: 2020-06-03 09:04:17 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: baa93d47220682c04d92f7797d9224ce (139 x RiseProStealer, 26 x Xtrat, 18 x CoinMiner)
ssdeep: 49152:qtdYDP+rF0V9rhWjXzvcdqJYPdGxzRANfZnIPuswNDd99:qt+P+rijrhWjDcdSi8fyg499
Threatray: 59 similar samples on MalwareBazaar
TLSH: AEB5333096E79F97C515CF7EBE971E6802624E82131DF2762012AFDB6C6D2B70946F02
Reporter: raashidbhatt
Tags: exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Strictor
Status: Malicious
First seen: 2020-06-01 11:02:00 UTC
AV detection: 22 of 30 (73.33%)
Threat level: 2/5
Result
Malware family: n/a
Score: 9/10
Tags: evasion
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks BIOS information in registry
Identifies Wine through registry keys
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments