MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 56af437f8b3b60b32b7cba77fa159138a777a48e98ce0215e8ec6f97ef12b223. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 56af437f8b3b60b32b7cba77fa159138a777a48e98ce0215e8ec6f97ef12b223
SHA3-384 hash: bd59c5f8e3c2210755fc472d09f304d330dc094580a49974d03ca0d5b4a8f109fd01afaafd37b4547f64534b7a3375cd
SHA1 hash: 87752254bed5574957f3e483168f2829a44f4a97
MD5 hash: abe4a1c3959eb4847079c9b4ebb6d807
humanhash: oranges-tennis-robin-mockingbird
File name:SecuriteInfo.com.Variant.Strictor.234398.8512.12300
Download: download sample
File size:6'251'520 bytes
First seen:2020-06-19 02:32:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 646167cce332c1c252cdcb1839e0cf48 (8'473 x RedLineStealer, 4'851 x Amadey, 290 x Smoke Loader)
ssdeep 98304:suBHlsy/rKc58p7YPRxMldWDyN90cSaPPRRnHozpbSZfZKeVO0GOKJwf3waH96id:suwRc5aeRK+oHSaxRHKstZKe40GBJwfz
Threatray 15 similar samples on MalwareBazaar
TLSH 495633169BE1112EF1F91F30BDB1478117BEBCD68CBAA0AF1256DABD093391085B471B
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/19859/
Detection(s):
SecuriteInfo.com.Variant.Strictor.234398.8512.12300.UNOFFICIAL
Create hunting rule

PUA.Win.Trojan.004b-6980513-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Strictor
Create hunting rule
Status:
Malicious
First seen:
2020-03-10 22:18:47 UTC
AV detection:
9 of 31 (29.03%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
1f02d06a14d5e83c297271a24f9dad9f28d25e387bc65784077ddc27165290b5
548c375182f63e134625ec757d001e42051be39bf22f4065932ba53557825312
54cc3426c8ad3f2d39543a8157843620af7108ea419589cc6755e77a31b96047
6575a80b5fa70f2b72b0c5270e4bf316efbdda166b73267a783ebe8a56f3cd1e
82bb3e9ec03f5237ed521effee5b1825b59e31be522e71a05c129676e60839ee
ace64cbe1ef91a0b14602264fe0de8e3698cb8b901cbd6251b3fd11d87a0bef6
b0fedb5fc4232c07ff1161ddcc830cf11596ba2653cc7cea1d5666b4bab1f276
b87295a4b2fb2d2f4df9d502d52e2f50a5e9b3ba9f56b17e252fa0f3022ae6f4
d73498e0aabb97375783af491aded66aa6710ba848247de3337f404fa02a35c0
fdafb44be84ea918c76a99f4c24c08fbe8de6648a4ad73614f77450aa2b43484
+ 5 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence evasion spyware trojan
Link:
https://tria.ge/reports/200624-kd9f61d5mx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Adds Run entry to start application
Modifies system certificate store
Reads user/profile data of web browsers
Loads dropped DLL
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 56af437f8b3b60b32b7cba77fa159138a777a48e98ce0215e8ec6f97ef12b223

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/398898/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/19859/

Comments