MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 080c4989b8c8eddf720aa0c85ad1b80a2d3283b495ec9e61f868b3fd6417e097. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 080c4989b8c8eddf720aa0c85ad1b80a2d3283b495ec9e61f868b3fd6417e097
SHA3-384 hash: 00eaa93861657efd2d7c97597402e59402b6eaa345b510cbdbd487450149f5ed2cf76394e5574bb0043301bfa20ee0db
SHA1 hash: 4654f124614b524822f5d13790b9e4d3a10b93ad
MD5 hash: 192a8e0c3ecc76e97a92649ee328e9f2
humanhash: massachusetts-cold-pennsylvania-ten
File name:SecuriteInfo.com.W32.AIDetect.malware1.19283.23081
Download: download sample
File size:355'840 bytes
First seen:2021-03-11 12:43:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9c2408c4e289059dc1f7339d62dec625 (2 x RaccoonStealer, 1 x Formbook)
ssdeep 6144:AEqM9G5eUxo16dBIO5QPSNvH3+cJkNX9xb7ORZp6A:AE9Y5eUxoiBIWUSNmbNxb7OR
Threatray 21 similar samples on MalwareBazaar
TLSH 05749E107BE0D434F7B612B84975A379A539B9B0ABA495CF62D42BEA65347F0EC30307
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
142
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.W32.AIDetect.malware1.19283.23081
Verdict:
Malicious activity
Analysis date:
2021-03-11 12:47:13 UTC
Tags:
evasion trojan
Link:
https://app.any.run/tasks/39cb0852-d126-413a-a078-b8a59d33738f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/123796/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware1.19283.23081.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
DNS request
Sending an HTTP GET request
Creating a file in the %temp% directory
Sending a custom TCP request
Creating a file
Creating a process from a recently created file
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/636808
Signature
Antivirus detection for URL or domain
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/080c4989b8c8eddf720aa0c85ad1b80a2d3283b495ec9e61f868b3fd6417e097/
Threat name:
Win32.Trojan.Injuke
Create hunting rule
Status:
Malicious
First seen:
2021-03-11 11:48:20 UTC
AV detection:
17 of 28 (60.71%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
4e4023f2d5ba6bf0595fb6dcac7c04564239d0ff25408a1aa9c36e1d08ae57e5
882e76f42c2b167e6bbef37b58c44b9a7234e7c154d9b30b7da9071611f3bc0b
883bd670d55447865cc753c58efafc0c26c17c8d2b11b10f3bc9f70093abe507
8ef1aa8fad70716a2552ae9f8833304c0dea036bfbc1a77090bdbe1ae64e003a
9018fc4955a89ca4996540770fb9d7ed349810b9e4f6724ade1be9c6288015ed
b38ecd57921a840d35175c49b2b251138e87f8e9a54170362871ee8753ef1f43
c282cc8f22db07f2bc462448e339d3cf19fe5330e031a956d8c892c4b78b10ff
d9a54b911ce6a7a42de09baf6fa4f4004a509897e131ea61769f8554041e0f55
eddcda48d1058487f653995ae77469d407cd02a7b2bf9d6059a61ddeeaa83f70
f6dc39be69fcb6613defba0c9d8428d71c2a02b118383d4a49a66c6139e690fd
+ 11 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210311-9lfa2974vj/
Behaviour
Checks processor information in registry
Modifies registry class
Modifies system certificate store
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Blocklisted process makes network request
Unpacked files
SH256 hash:
1d3e40d165445f3d47d68b9f05b5a5be5cf2faf1074dc6462e024f35662d6583
MD5 hash:
23472a6dc73762deed922d8857215253
SHA1 hash:
b3a5d64bc4b55cf4d117b9aa0259df3009ea3b3d
Link:
https://www.unpac.me/results/5b3de3f7-8f53-4ddc-9778-3287af4a9432/
SH256 hash:
080c4989b8c8eddf720aa0c85ad1b80a2d3283b495ec9e61f868b3fd6417e097
MD5 hash:
192a8e0c3ecc76e97a92649ee328e9f2
SHA1 hash:
4654f124614b524822f5d13790b9e4d3a10b93ad
Link:
https://www.unpac.me/results/5b3de3f7-8f53-4ddc-9778-3287af4a9432/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/080c4989b8c8eddf720aa0c85ad1b80a2d3283b495ec9e61f868b3fd6417e097

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 080c4989b8c8eddf720aa0c85ad1b80a2d3283b495ec9e61f868b3fd6417e097

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1061030/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/123796/

Comments