MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 06e145e0068c9631d558c1f1c04b51fe8c6a36052a6a051986642eb0dec85232. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 4

SHA256 hash: 06e145e0068c9631d558c1f1c04b51fe8c6a36052a6a051986642eb0dec85232
SHA3-384 hash: b8346cc86bf6bd49e243adc28eb8ba369db782559a6776ff20a5fe73a755073e6e898a81af5e0341ab11150303a4cd9a
SHA1 hash: 357e3a85317453878cb5eacd4862251b7f6f892b
MD5 hash: 004b7ab00bdef8123f9ccce26c950fb0
humanhash: kansas-network-michigan-artist
File name: 06e145e0068c9631d558c1f1c04b51fe8c6a36052a6a051986642eb0dec85232
File size: 491'521 bytes
First seen: 2020-11-07 19:31:43 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ef3fd1c1a81435e51fcc42212e25d2ec (7 x Reconyc)
ssdeep: 12288:bi4BNDHNtin2YbxGZWZmLFHrwLvkzzLnUfFr:b7BNTziJGbFrqcbQr
Threatray: 13 similar samples on MalwareBazaar
TLSH: 78A4F16D3C981390C625853658BD0BB99A968589CE2BD4BC4EBCBFFFF38E10179140D5
Reporter: seifreed

Intelligence

File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Replacing executable files
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Moving of the original file
Setting a single autorun event
Blocking a possibility to launch for the Windows Task Manager (taskmgr)
Deleting of the original file
Threat name: Win32.Packed.Generic
Status: Suspicious
First seen: 2020-10-11 19:13:23 UTC
AV detection: 42 of 48 (87.50%)
Threat level: 1/5
Result
Malware family: n/a
Score: 10/10
Tags: persistence
Behaviour
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: RenamesItself
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
System policy modification
Modifies Control Panel
Program crash
Drops file in Windows directory
Modifies service
Suspicious use of NtSetInformationThreadHideFromDebugger
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Deletes itself
Loads dropped DLL
Executes dropped EXE
Modifies Installed Components in the registry
Suspicious use of NtCreateProcessExOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other