MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5815d28898fb5bb4067575c1885cde3ee909543c8d176b5f8029cebf34d3e4ed. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 5815d28898fb5bb4067575c1885cde3ee909543c8d176b5f8029cebf34d3e4ed
SHA3-384 hash: f5f67a57f478850e345f7853436741d68b84f161554cd1d57ef00691f81ebdd9b8b8cf7d1cc661baa95423faf009d443
SHA1 hash: cbbf4113fd9d2e35d3d641bee9f8191e785c0a00
MD5 hash: 236148e858e1a5889acc2ad4ebf9ac41
humanhash: nine-whiskey-chicken-early
File name: 5815d28898fb5bb4067575c1885cde3ee909543c8d176b5f8029cebf34d3e4ed
File size: 208'896 bytes
First seen: 2020-06-10 11:51:08 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash ff741590080c589d3a35bc62f499df9b
ssdeep 3072:Yed+UxfPiMqbMbrNAPDO+BKpfpUkgKtznFGpB6AQs9OMS6w+Oes/GDxiFf2ClqSR:YmTbbrqPxefpUnEFGLwsPpeeDx+fD
Threatray 30 similar samples on MalwareBazaar
TLSH CE14F10CE44AD0B7D9E606F679858BD3931C124C233B2C5F2B1EAB1666A14CF0D61BED
Reporter JAMESWT_WT

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Shifu
Status: Malicious
First seen: 2020-06-07 03:03:00 UTC
File Type: PE (Exe)
Extracted files: 2
AV detection: 30 of 31 (96.77%)
Threat level: 5/5
Result
Malware family: n/a
Score: 9/10
Tags: persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Checks for any installed AV software in registry
ServiceHost packer
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments