MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eddb45dfe783cb38e0597ba1a04b8fe9cdc126970dba9287f7325e05f62329ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: eddb45dfe783cb38e0597ba1a04b8fe9cdc126970dba9287f7325e05f62329ce
SHA3-384 hash: 7a032f44fd9b9ed37a7915cc2fb046cc7d8005e396ef19199c84c079f7113f6b4fbf114624077c5b2759088b55d10ff3
SHA1 hash: 597713b0225680528e9a9154a7acca984ef67075
MD5 hash: 9e4d3f4439ed39c01f3346fbdb7488ae
humanhash: eight-video-carbon-paris
File name: eddb45dfe783cb38e0597ba1a04b8fe9cdc126970dba9287f7325e05f62329ce
Signature: PurpleWave
File size: 259'584 bytes
First seen: 2020-07-31 08:35:04 UTC
Last seen: 2020-07-31 11:03:44 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 16241ac78748ffe560fbf6d9ca82288b
ssdeep: 6144:RXDYbTo2DhoBuPFj04x70tJDroMMqHNS0i2om/qyHi:WHhloB4gG70jEMMiS1pSdi
TLSH: E94423CB9BA649D7FDEB01B600DBC022B41EEF78C26DFEA5787115068C3AD9849471E1
Reporter: @JAMESWT_MHT
Tags: PurpleWave

Intelligence


File Origin
# of uploads: 2
# of downloads: 30
Origin country: IT

Mail intelligence
No data

Vendor Threat Intelligence

Result
Verdict: Suspicious
Maliciousness:
Behaviour
Connection attempt
Creating a window
Reading critical registry keys
Stealing user critical data

Result
Threat name: Unknown
Detection: clean
Classification: n/a
Score: 9 / 100
Behaviour
Behavior Graph: n/a

Threat name: Win32.Trojan.Razy
Status: Suspicious
First seen: 2020-07-31 04:45:44 UTC
AV detection: 24 of 31 (77.42%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour
UPX packed file

Threat name: Trojan
Score: 1.00

Yara Signatures


Rule name: suspicious_packer_section
Author: @j0sm1
Description: The packer/protector section names/keywords
Reference: http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

File information


The table below shows additional information about this malware sample such as delivery method and external references.
