MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d16901bccf3099bf8bc4aaa4f435f3bafe4bd6c990a6f898011de22dd6f67163. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d16901bccf3099bf8bc4aaa4f435f3bafe4bd6c990a6f898011de22dd6f67163
SHA3-384 hash: 9ff0333d8962ba695c100a9f22372ec87f3bb72d929124d2d2d2ec3e9e3a673f3d35e374ca8058200232c7e448493a49
SHA1 hash: 5617e4f902866654270593ba353881d3dc8bec3e
MD5 hash: 63a26a5cd7ce752cf3db74a8e14dbda8
humanhash: tennis-sixteen-yankee-triple
File name:d16901bccf3099bf8bc4aaa4f435f3bafe4bd6c990a6f898011de22dd6f67163
Download: download sample
File size:773'632 bytes
First seen:2020-11-11 11:18:11 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'206 x SnakeKeylogger)
ssdeep 12288:WPZ8hWkW5Zpwf850mSZ8fXHH33XcMW17w7Cj1SCrwQJ6Y9+mLIBCOziFOK:WPGKT2WMSi1SCrww6Y2QO
Threatray 6 similar samples on MalwareBazaar
TLSH E6F4E967FA2565A5CB3E25F3CC7399B883E4C66AAB00FB1F50EA212853721DC97511CC
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
51
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d16901bccf3099bf8bc4aaa4f435f3bafe4bd6c990a6f898011de22dd6f67163/
Threat name:
ByteCode-MSIL.Trojan.Zusy
Create hunting rule
Status:
Malicious
First seen:
2020-11-11 11:20:21 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
031b235aecbb9dd278dd748679c3103920a23a7f7eb5938b328346a7e45eece7
2a46e0846fb5b909da9df065c96a2c482075dac2d57bc5bc02d70954e9c7e7da
6952d61c1b90bbe292626eddde290f0649ff02beca59738bf0912f6e1491538e
927f575e760758781d405edb7a7a16bd4a8069babb55a4bde1103f235fe0b602
c1dc52285b9b9c38bdcfd347559f64b0de7394a8f66714e3b9148216fc91a411
c925d43deca61d344a00221f897dbe35175272a0984ffbba675194fe48842b3f
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201111-q91nvcr7bj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
d16901bccf3099bf8bc4aaa4f435f3bafe4bd6c990a6f898011de22dd6f67163
MD5 hash:
63a26a5cd7ce752cf3db74a8e14dbda8
SHA1 hash:
5617e4f902866654270593ba353881d3dc8bec3e
Link:
https://www.unpac.me/results/89bb3737-950a-4f8e-beb3-76238240fcd6/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments