MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6ff7459bb301103727dc8559a89ed94cc6f7a70ca14a39864e0e6ea8bc4a1484. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6ff7459bb301103727dc8559a89ed94cc6f7a70ca14a39864e0e6ea8bc4a1484
SHA3-384 hash: 189629145ac945f7167dfed94c5734ab34adbddec9815ec9f3d2e9531377d839d71339b5285047d03172f76f06df01b3
SHA1 hash: 19c9d4c33ec8960bfe151a39bcd81aa05a85c72b
MD5 hash: 9d4fe6049306aa6f4bbc0921333b2a46
humanhash: stairway-mars-solar-timing
File name:minha.fatu812381239 t95wqzyg 84bp96.msi
Download: download sample
File size:4'139'520 bytes
First seen:2021-03-02 18:32:44 UTC
Last seen:Never
File type:Microsoft Software Installer (MSI) msi
MIME type:application/x-msi
ssdeep 98304:rY5Ap2Fmw1l9Ajvf1Vih8DKvWbAU8uUX6QHqlf:32F9Ajvf1VieD8WEX96Zf
TLSH 8A16F22192733DDCE967A2BFA1AD5FD08111E4F0E109DA3B23382BA55ED121A71F3953
Reporter abuse_ch
Tags:msi


Avatar
abuse_ch
Payload URL:
https://segundavionlinevivovaloriza.koreasouth.cloudapp.azure.com/

Botnet C2:
http://13.66.29.191/paodequeijo/HGFGHGFH.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
156
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/121137/
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6ff7459bb301103727dc8559a89ed94cc6f7a70ca14a39864e0e6ea8bc4a1484/
Threat name:
Document-OLE.Trojan.Alien
Create hunting rule
Status:
Malicious
First seen:
2021-02-27 02:21:00 UTC
AV detection:
7 of 28 (25.00%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/210302-71j85hflme/
Behaviour
Creates scheduled task(s)
Script User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Windows directory
Enumerates connected drives
Loads dropped DLL
Executes dropped EXE
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6ff7459bb301103727dc8559a89ed94cc6f7a70ca14a39864e0e6ea8bc4a1484

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Microsoft Software Installer (MSI) msi 6ff7459bb301103727dc8559a89ed94cc6f7a70ca14a39864e0e6ea8bc4a1484

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/121137/

Comments