MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1002b7508336031b4e5c992ac2ab451c75f2782dd10f831829a9af87d32ed482. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Tinba


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1002b7508336031b4e5c992ac2ab451c75f2782dd10f831829a9af87d32ed482
SHA3-384 hash: 2ae97f6b33df59b5e73ed79f283dbc80b17c27c1c1fa1ac7cbef2933303d881804a9d99aa5cf6940207a79f620bff1f5
SHA1 hash: 0b06141ad1205bfe92950993971aa30d751934b6
MD5 hash: d45f542e9ffceb84d31a003362cdffce
humanhash: hamper-monkey-nebraska-alaska
File name:1002b7508336031b4e5c992ac2ab451c75f2782dd10f831829a9af87d32ed482
Download: download sample
Signature Tinba
Create hunting rule
File size:248'320 bytes
First seen:2020-06-10 11:49:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 71f9d18724cfb743d0e7d0c8afa52751 (3 x Tinba)
ssdeep 3072:QhaihMssJRjDnHkRh0vG8/xVVIuu4JHXkp+fsunnjmSHbRe9H5Toy9FU4otPg+:SaMRsJZLHkExVV7lkp+rj/tEZTLU4h
Threatray 65 similar samples on MalwareBazaar
TLSH 4E342A2CE97A656BD9B14CF18293C3C67A070D58F7608DB325E06A0B329D5072CDB7E6
Reporter JAMESWT_WT
Tags:Tinba

Intelligence

File Origin
# of uploads :
1
# of downloads :
1'073
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Skeeyah
Create hunting rule
Status:
Malicious
First seen:
2017-09-04 23:12:50 UTC
File Type:
PE (Exe)
Extracted files:
20
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
052a7198fb77bc35af1b12cb629da41fd6d4be4f0c008c006f254f538301a3b5
Tinba
1372551a1b2824bb421929fc8cdf683e64c53a48080be18335612a47fbd8a197
Tinba
251823645d1460928c1fd5f7cb861fb31e690238bb2707b2f2647baff98f9ca4
Tinba
697826e37f4032bffefac7a16507e97e4adecb92615c796dfb47f3c3cb83750e
Tinba
6ff412089c62ae8bea2f552a70420fe4834b00bd6f58cb413e2b0857b06cc177
Tinba
91a472a8df4bcc3b375a0bc8e70d79d62dda475cbf61efbb869fba40226b28ae
Tinba
9d88f50d2a47b2339497c9ea6cb7cb1f669865e1e8df8e9363b147b0fdc75aef
Tinba
bc3729fcbb326ce373f348d481a61f6d4468c6013d3c712224c54a64c9c278f9
Tinba
e615fe028fe30d535f142962719d8f9348b66805a8c81bbf7d78332d12f624c0
Tinba
fcb020fc827bf432792feef13068e8094ae0dd1f201fa398a360eecf6216630b
Tinba
+ 55 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/201109-vjyc1hefv2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of UnmapMainImage
Adds Run key to start application
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments