MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5fe264b8c4222ba077a63cfca668eccf74f2d371fa10e0431a2c618a14d46470. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 4



SHA256 hash: 5fe264b8c4222ba077a63cfca668eccf74f2d371fa10e0431a2c618a14d46470
SHA3-384 hash: 64ba1c2be21a2b2e18008803ae8fbb44c0b8259946b7a40342790825ad3a0baddba149442c7b96e1f64315301d7fb30e
SHA1 hash: 76e19425733e801fa7bfdcd8f69682370e9c7b96
MD5 hash: 959c845821b5af3423fd9add449c1e76
humanhash: aspen-yankee-july-arkansas
File name: SecuriteInfo.com.Trojan.DownLoader33.60098.9471.4009
File size: 934'912 bytes
First seen: 2020-07-06 19:08:01 UTC
Last seen: 2020-07-06 19:51:19 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 75eb72cec9852ec437ead04e43f755c1 (2 x FormBook, 1 x RemcosRAT, 1 x AveMariaRAT)
ssdeep: 24576:+A42+toK52YZ574qMPxVP5YMVde9U/tQ:+AeT2YEPvV
Threatray: 5'405 similar samples on MalwareBazaar
TLSH: 89159E22B2414877C12254B8EE2F73F45E29BE1119C86C973BF9BD9C5FBA6813817193
Reporter: SecuriteInfoCom

Intelligence

File Origin
# of uploads: 2
# of downloads: 78
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a window
DNS request
Sending a custom TCP request
Launching the default Windows debugger (dwwin.exe)
Threat name: Win32.Trojan.Delf
Status: Malicious
First seen: 2020-07-06 18:12:11 UTC
AV detection: 25 of 29 (86.21%)
Threat level: 5/5

Result
Malware family: n/a
Score: 6/10
Tags: persistence
Behaviour
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of SetThreadContext
Adds Run entry to start application
Checks whether UAC is enabled
Legitimate hosting services abused for malware hosting/C2
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
  Executable exe 5fe264b8c4222ba077a63cfca668eccf74f2d371fa10e0431a2c618a14d46470 (this sample)
  Delivery method: Distributed via web download
