MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 75da456980b6c16a80a05269d6fee93bc18a242ebe0c7f9f014bad8828b09291. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Reconyc


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 75da456980b6c16a80a05269d6fee93bc18a242ebe0c7f9f014bad8828b09291
SHA3-384 hash: 7c8380e86661ebe697e5801406237bebfc5ae7c815198d720ce27ffcf2416194b5a1f35898e4fd73765c00fba0025ad4
SHA1 hash: 261eca6a3d3de7977676adc3787c1f9c464d4bf9
MD5 hash: 2b3e4bfac9821b17b192db74aa834d1e
humanhash: california-triple-beer-white
File name:75da456980b6c16a80a05269d6fee93bc18a242ebe0c7f9f014bad8828b09291
Download: download sample
Signature Reconyc
Create hunting rule
File size:491'521 bytes
First seen:2020-06-03 08:22:44 UTC
Last seen:2020-06-03 09:25:25 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ef3fd1c1a81435e51fcc42212e25d2ec (7 x Reconyc)
ssdeep 12288:0TEdR5B0SVEpvsUYIXwe9LTEiqPu1ndMucxl4PUfFr:0gdR5B0SUURIXweVI7mlPUl4PQr
Threatray 2 similar samples on MalwareBazaar
TLSH 26A4E0FFA3E71481CB206C326DFCD1B805BA8649156CD676297DAC47F7FC8289D2241A
Reporter raashidbhatt
Tags:exe Reconyc

Intelligence

File Origin
# of uploads :
2
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Packed.Dridex-7734686-1
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 11:08:50 UTC
AV detection:
43 of 48 (89.58%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=oxnek2maw3awvafakju5n7xjhpayujboxygh7hybjowyqkfqskiq._file
Verdict:
suspicious
Similar samples:
4c1fe4c0f5d8d1277036802c83df3e083b31318dfc2c194ce93b7169d7ba6e3d
Reconyc
59eb4977b433ca77f1590c094dead7cf6bfc1cee4ece19ec994af25d918b54b9
Reconyc
Result
Malware family:
n/a
Score:
  9/10
Tags:
persistence
Link:
https://tria.ge/reports/201109-fasr6bk7le/
Behaviour
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: RenamesItself
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
System policy modification
Checks SCSI registry key(s)
Enumerates system info in registry
Modifies Control Panel
Modifies Internet Explorer settings
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Program crash
Modifies service
Suspicious use of NtSetInformationThreadHideFromDebugger
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Enumerates connected drives
Deletes itself
Loads dropped DLL
Executes dropped EXE
Modifies Installed Components in the registry
ServiceHost packer
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments