MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 044d234d96ba4d2c8d6b75dce9f3b778137708ed2fd39edfab8711d3431f8763. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	044d234d96ba4d2c8d6b75dce9f3b778137708ed2fd39edfab8711d3431f8763
SHA3-384 hash:	6e7cd8f2803a19a124f40c8af634652c3b79cf3d3ae5bfb55dd07abda3675ad73425d04f228f54877a23c6ef573735a8
SHA1 hash:	140edb4850081d890fa7267efe002129ff2c5067
MD5 hash:	d071887d9e9af01d3ee009dffe1be16d
humanhash:	jig-nevada-eighteen-green
File name:	c64.exe
Download:	download sample
File size:	2'617'697 bytes
First seen:	2020-04-20 10:06:48 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	de1fa96ad5bc81910ffb7ed552e29d0d (1 x RedLineStealer, 1 x Gh0stRAT, 1 x Blackmoon)
ssdeep	49152:RxH3KTyEJdyyUa6PrvMrKQHBhzFrBRucp2uBUYYs2aoywX7AqomhDH0vOL:RZ3KOMFkxQHBBZOtuBUg2aKXTJZL
Threatray	22 similar samples on MalwareBazaar
TLSH	BEC53396FFC895B0F1615D792C83B0C96B3AFD2B7E64950B2AE43F4E2C79A81144C4E1
Reporter	JoulK
Tags:	exe miner

Intelligence

File Origin

# of uploads :

# of downloads :

293

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.Johnnie-6858836-0

Gathering data

Threat name:

Win32.Trojan.Reconyc

Status:

Malicious

First seen:

2019-05-03 23:51:55 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

37 of 45 (82.22%)

Threat level:

2/5

Verdict:

suspicious

30898e79c019a359c6bc25a0217531494c12cfe62384beadc861eb622b811378

43683da31612f7f7157356ec78b295981e3675160fa66ee517ff42f30d86c9f8

50e7b9a736f734ffd4d57d93f93a89e454a4e5147ec7dac2c3f3e5f5fee6fd5f

722521ac19cd30a318eb191975eecadb389fe26c681d76f1c5da92dc8fabac4f

7797da9505bd2ab985d9b1233977b6b11ab9f0e8da31a47b44e0af23c94af807

aa30ea6f5603484a2f71a0fa1429cef880ee018c6b3557ad09708dca055cbb22

c829aa312e2ea1c043566e26517b2bf90e9c12ed68e9d7d24577ebc13f2cf3b1

eaca8287ec8d461a944da43f061dd197225ff77979c8acc7017bb1ea8301f3b7

fa473a9f7280e22e757799c9d18a21bded2f5500a47063e926105db33e77b4f8

+ 12 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 044d234d96ba4d2c8d6b75dce9f3b778137708ed2fd39edfab8711d3431f8763

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/210545/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high
CHECK_TRUST_INFO	Requires Elevated Execution (level:highestAvailable)	high

Reviews

ID	Capabilities	Evidence
SHELL_API	Manipulates System Shell	shell32.dll::ShellExecuteExA shell32.dll::ShellExecuteA
WIN32_PROCESS_API	Can Create Process and Threads	kernel32.dll::CloseHandle
WIN_BASE_API	Uses Win Base API	kernel32.dll::LoadLibraryExA kernel32.dll::GetStartupInfoA kernel32.dll::GetDiskFreeSpaceA kernel32.dll::GetCommandLineA
WIN_BASE_IO_API	Can Create Files	kernel32.dll::CreateDirectoryA kernel32.dll::CreateFileA kernel32.dll::DeleteFileA kernel32.dll::MoveFileExA kernel32.dll::GetFileAttributesA kernel32.dll::FindFirstFileA
WIN_REG_API	Can Manipulate Windows Registry	advapi32.dll::RegOpenKeyExA advapi32.dll::RegQueryValueExA
WIN_USER_API	Performs GUI Actions	user32.dll::PeekMessageA user32.dll::CreateWindowExA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample