MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 118cdcd151285cd394c469adb600eec673af5962b08c5bdd71ae165f1b6b0b96. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA 7 File information Comments

SHA256 hash:	118cdcd151285cd394c469adb600eec673af5962b08c5bdd71ae165f1b6b0b96
SHA3-384 hash:	ce71cc21cdba371c2250433dcad4869dba4acdbc8b78542955b99a699e3b7691d1004727e2da6d443da948be271d9f06
SHA1 hash:	ad91845985c42957c583e566f42be0bbc0db315a
MD5 hash:	c2f610ecde3785d1d4afe7ca0778b5f1
humanhash:	iowa-artist-high-lithium
File name:	kkk.exe
Download:	download sample
File size:	18'977'792 bytes
First seen:	2022-09-30 02:21:51 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	57c9b357ae0cb2f414b0a5873e2f216d
ssdeep	98304:YVFFf6KjdU5ny6VS3lqb1F2TC4qCFELmAmRwz:AVrdU5yt3lmPBZ+Rw
Threatray	23 similar samples on MalwareBazaar
TLSH	T1E4172983F505F1E0C09BA2754E2162E1B631B88A2F36B7E71A90A36A1F357F49F75710
gimphash	db767ad0b7aa941d4f68e7ebf595e7d783cc6c4b810036453aea621bf54b1743
TrID	43.3% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 27.6% (.EXE) Win64 Executable (generic) (10523/12/4) 13.2% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.3% (.EXE) OS/2 Executable (generic) (2029/13) 5.2% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter	Anonymous
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

280

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Win64.Malware-gen.26879.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a custom TCP request

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug greyware

Link:

https://www.filescan.io/uploads/633652cd5c60ccc9fcfe8b10/reports/d85dbdf8-476d-4101-aeec-78705af9f770/overview

Result

Verdict:

MALICIOUS

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/847c05d1-e490-4d3b-9d2a-1540ba56b6fd

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/1080591

Signature

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Potentially malicious time measurement code found

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/118cdcd151285cd394c469adb600eec673af5962b08c5bdd71ae165f1b6b0b96/

Threat name:

Win64.Backdoor.Silver

Status:

Suspicious

First seen:

2022-09-25 06:01:06 UTC

File Type:

PE+ (Exe)

AV detection:

13 of 26 (50.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=cggnzukrfbonhfgengw3mahoyzz26wlcwcgfxxlrvylf6g3lbola._file

Verdict:

unknown

5bf3189b7d260930bbcaff2c228e948195d774d2542a6fe0a865a7e5b8b07c63

5d72a8ffcefedd15f16a8ac752b0e09fef6d9359c0019fa1627be76581358152

7fa5971fde4364c32e47c5a8e6b189fc214ffd019077f30c14fbfb4e240909e1

8b03872c981e72aa24fd680e3d8f49768341f2c86fdabe51f4e5302c41b194a7

b5ff5a9c19554d5531b7287615ce45e622ffc8d12b6c8d3f15e6c023e94bd452

b68aac66f4d1490eef02edd08bd9a7d58ea388f0fe601ace2e3c15cbf4bfe215

cc81b5085ea098d0d117dfe38aa46b5513f66d34c23454c964cdd3f0864967e7

d06077790fb260d6c3ed4af601b5322446d2a0621eb8edf14af8438dc2c02a63

f9b5057081ca6e37c63a992234668b244551053a63582ee5bcd24e9e06222278

+ 13 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/220930-ctklgadccn/

Verdict:

Unknown

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/b14d27e0-c0e2-49f7-853e-b5c116954fe9

Unpacked files

SH256 hash:

118cdcd151285cd394c469adb600eec673af5962b08c5bdd71ae165f1b6b0b96

MD5 hash:

c2f610ecde3785d1d4afe7ca0778b5f1

SHA1 hash:

ad91845985c42957c583e566f42be0bbc0db315a

Link:

https://www.unpac.me/results/aa97f133-a435-4782-a652-4b2ea250c55f/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/118cdcd151285cd394c469adb600eec673af5962b08c5bdd71ae165f1b6b0b96

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	adonunix2 Create hunting rule
Author:	Tim Brown @timb_machine
Description:	AD on UNIX

Rule name:	BitcoinAddress Create hunting rule
Author:	Didier Stevens (@DidierStevens)
Description:	Contains a valid Bitcoin address

Rule name:	command_and_control Create hunting rule
Author:	CD_R0M_
Description:	This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group

Rule name:	GoBinTest Create hunting rule

Rule name:	golang Create hunting rule

Rule name:	identity_golang Create hunting rule
Author:	Eric Yocam
Description:	find Golang malware

Rule name:	INDICATOR_SUSPICIOUS_EXE_Embedded_Gzip_B64Encoded_File Create hunting rule
Author:	ditekSHen
Description:	Detects executables containing bas64 encoded gzip files

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample