MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0622421f5a2a6dfa2de39175fbc710f982788677162c2e93ed1eb78d33d6bc75. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	0622421f5a2a6dfa2de39175fbc710f982788677162c2e93ed1eb78d33d6bc75
SHA3-384 hash:	e69728d6aa55cac705112fa4ee66a971c2fd004cfca429a59bcaa3fbe747c1c90614bfaa6ccfeb8f2294fb69ca0b3c12
SHA1 hash:	7c0707443e26207d1b81716cdc434765128f75b9
MD5 hash:	c69d2844b5edf9df7a6fa650920e46a2
humanhash:	north-zulu-mirror-uncle
File name:	0622421f5a2a6dfa2de39175fbc710f982788677162c2e93ed1eb78d33d6bc75
Download:	download sample
File size:	3'299'862 bytes
First seen:	2020-06-03 09:49:50 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	3d349bb1fedb23758a6e397e5d691576 (8 x Bancteian, 7 x AZORult, 1 x AgentTesla)
ssdeep	49152:ZUuBTOjZwS1Ihk+hy7iHuaRZnt+NTNLiG97f:ZXRO0hkr2Rxt+e2
Threatray	7 similar samples on MalwareBazaar
TLSH	2CE55B17B284583FC06B173A8837A7549D3FBE6166269C0F17F078CC8E7A5817D2A64B
Reporter	raashidbhatt
Tags:	exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

61

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.Bancteian-0-6418983-0

Win.Malware.Delf-6821970-0

PUA.Win.Adware.Dealply-6840263-0

Gathering data

Threat name:

Win32.Trojan.Bancteian

Status:

Malicious

First seen:

2020-06-03 17:10:27 UTC

AV detection:

46 of 47 (97.87%)

Threat level:

5/5

Verdict:

unknown

Similar samples:

118dd258630c48b0beacd8b4c04c9c9cd3b9f698b660b6a904b1dfc033e00cd1

2c08eadd3382400c96eb0d442d555053aa80eb467f328eb12bc97046ca3a6603

31e0d8d290cef40450e8afb88a58749155645f4f702bdec51a81290d0230de09

7775bf665391c8e930e16cdb4b1a78458ffe7e662a099376050d425a8c24637e

8c3d5e134df25eda7738bbbfaea35569b90bbc9f00308ca32ff6feb76e783e11

b5961f407c0afef04c9406ba17cbae3fe4cc575b47e50081abbda0d96f9c0f18

d68a5a2bf92f0f08b8eb6f39351462f81d65d54085c1c7ae3aa81b2d3018434e

Result

Malware family:

n/a

Score:

10/10

Tags:

evasion persistence spyware trojan

Link:

https://tria.ge/reports/201109-qk4m33825n/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

System policy modification

Drops file in Windows directory

Adds Run key to start application

Checks whether UAC is enabled

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

Modifies WinLogon for persistence

Modifies visiblity of hidden/system files in Explorer

UAC bypass

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample