MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 59eb4977b433ca77f1590c094dead7cf6bfc1cee4ece19ec994af25d918b54b9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 2



SHA256 hash: 59eb4977b433ca77f1590c094dead7cf6bfc1cee4ece19ec994af25d918b54b9
SHA3-384 hash: dcaa3e8903102ef2fbd674ceca7e0d893b17d3f6c41aa896561c1657d5796e62157ca363362e149a0e710e0c0cc6abc3
SHA1 hash: 5825c2ac02829f74d06318fd6135e8cf8ed5f27b
MD5 hash: 389ca82c7011c11e444c688a78a1e3dc
humanhash: queen-batman-bacon-minnesota
File name: 59eb4977b433ca77f1590c094dead7cf6bfc1cee4ece19ec994af25d918b54b9
File size: 491'521 bytes
First seen: 2020-06-03 08:22:51 UTC
Last seen: 2020-06-03 09:25:29 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: ef3fd1c1a81435e51fcc42212e25d2ec (7 x Reconyc)
ssdeep: 12288:brbuOr7dQGddSBUsxYOby/tnM8VqwuXwMUfFr:COr7dLd4BPGFM8Vd8Qr
Threatray: 3 similar samples on MalwareBazaar
TLSH: 43A4F176C871B009F626B27A11AD09BC577860180838D6F8E5FD6BBF34EBC705B1B589
Reporter: raashidbhatt
Tags: exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-03 11:08:18 UTC
AV detection: 29 of 31 (93.55%)
Threat level: 2/5
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Suspicious use of NtCreateProcessExOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments