MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 059cd9bb3ad74aa7d4a7720c03e07114e89f770dd76523f56febd95f408b8cd3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 7

SHA256 hash: 059cd9bb3ad74aa7d4a7720c03e07114e89f770dd76523f56febd95f408b8cd3
SHA3-384 hash: 65de2e15f65cf79884441572abb269ab8437d474de488c54def5a856ebe4efbb17758338d7edebdcc1ffabeec6a7ab4b
SHA1 hash: 9befbb82364dbc2f09afc9dedd4caeedc9434515
MD5 hash: f51bfbbc86931dbc96c6b4be4b4c3659
humanhash: xray-minnesota-jersey-music
File name: keygen-step-3.exe
File size: 890'368 bytes
First seen: 2021-08-13 10:53:15 UTC
Last seen: 2021-08-13 11:53:33 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f6ef2fc23ca2d85215ddcf8b4448b79f (1 x CoinMiner)
ssdeep: 24576:mV3TJTgieFtoQjNfh9FaXASi9i3kRha7cYWc:mV31Eby6fjs3kRha5W
Threatray: 22 similar samples on MalwareBazaar
TLSH: T12415F173042EBBE8E795E4FCD96F3580D4825C89727A64462F05DF81B8CEDCA072A593
Reporter: Anonymous
Tags: exe

Intelligence

File Origin
# of uploads: 2
# of downloads: 110
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: RIG Exploit Kit.html
Verdict: Malicious activity
Analysis date: 2021-08-13 10:38:04 UTC
Tags: evasion trojan rat azorult stealer raccoon loader fareit pony

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a file
Reading critical registry keys
DNS request
Sending a UDP request
Sending a custom TCP request
Connection attempt
Sending an HTTP POST request
Creating a file in the Windows directory
Creating a service
Creating a process from a recently created file
Sending an HTTP GET request
Launching the default Windows debugger (dwwin.exe)
Enabling autorun for a service
Deleting of the original file
Result
Verdict: MALICIOUS

Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Spyware.Fbkatz
Status: Malicious
First seen: 2021-08-11 06:37:34 UTC
AV detection: 16 of 28 (57.14%)
Threat level: 2/5

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Drops file in Windows directory
Deletes itself
Executes dropped EXE
Unpacked files
SHA256 hash: 4b123a21c6b450ebfa07f955dae08e5bed4e9d2bc3d335e42ff552d67c04a753
MD5 hash: 5c9ef7c76bdc5b8cad3a06d7b6ccdefe
SHA1 hash: f66cb8facbdf7fbe3345c39ac6e9cfc83ab83f25
SHA256 hash: 059cd9bb3ad74aa7d4a7720c03e07114e89f770dd76523f56febd95f408b8cd3
MD5 hash: f51bfbbc86931dbc96c6b4be4b4c3659
SHA1 hash: 9befbb82364dbc2f09afc9dedd4caeedc9434515
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments