MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 14cccfdfec5ad5bb0a8c12e1c07c2dc92a21c3171b5bdc1ed026bad21611d0b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 14cccfdfec5ad5bb0a8c12e1c07c2dc92a21c3171b5bdc1ed026bad21611d0b7
SHA3-384 hash: 9b59c00c4f9f051c5943c3217ea08306539a328a49258637639cfd3ed6cd37bc3d347ba480f0a6ea682291924c87e4fb
SHA1 hash: 8fb0da085d08e9bd1da74afb3512e48670e89b56
MD5 hash: a0e5fe139aef001e51163aca10d59cd1
humanhash: bacon-crazy-high-zebra
File name:a0e5fe139aef001e51163aca10d59cd1.exe
Download: download sample
File size:2'150'400 bytes
First seen:2020-09-11 05:23:43 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash baa93d47220682c04d92f7797d9224ce (139 x RiseProStealer, 26 x Xtrat, 18 x CoinMiner)
ssdeep 49152:fyypCdyyyywE/dfNj8S2oFzpPZ9jfiUlkXzh8CQ4SV:fyypCdyyyyNf2S2Mpf1lyhdQ48
Threatray 19 similar samples on MalwareBazaar
TLSH D6A501D76A68221BC525DC38D00ED1235BD29EBCD1A68A1360F07E2DB35F857A4478FB
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Malicious
Create hunting rule
Link:
https://www.capesandbox.com/analysis/58567/
Detection(s):
SecuriteInfo.com.EXE.Obfus-4.UNOFFICIAL
Create hunting rule

PUA.Win.Malware.Generic-6718284-0
Create hunting rule

PUA.Win.Adware.Hpdefender-6725853-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Searching for analyzing tools
Searching for the window
Creating a file in the %AppData% subdirectories
Sending a UDP request
Creating a process from a recently created file
Enabling autorun by creating a file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/463811
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Potentially malicious time measurement code found
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/14cccfdfec5ad5bb0a8c12e1c07c2dc92a21c3171b5bdc1ed026bad21611d0b7/
Threat name:
Win32.Packed.Themida
Create hunting rule
Status:
Malicious
First seen:
2020-09-11 03:50:00 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  1/5
Verdict:
malicious
Similar samples:
2ba0f2e22ed07ca3188c898a0c9256fd30e878916ebe669ed52b25cb18d5ccde
36192aaa605b98f67d88d3712e5eb7ddd8e229766bbae3b2efebdb98f19662ea
450224b458d5d44cbaf62d95e18face27de776ed227ba0f7dc7e12bd07f64c9b
51c53576e439424a479865f5b9c19288f4ba48743b513cd3ead582d0cc647187
6005ff1373b7a3600ad4b5700b4d9b6c13827015a97fea1b030189655bd8e986
6057a10b27aebb92f7d961ce23929dc41579f6da1dcbf28572d8c5f0ffac488b
7c3c41d8da242f6ae707daaf842c0c0afb4ff541e3b009c62e51bc7d93eca86b
831ba6efa4a49eb1c7ff749fe442b393c5a614f383bf1efb52512a183b4362fc
a0e9692a6a0f50890c03829cfc80dd4ef47aaf4ade8c2fd35a62c09d290171d3
b9c037384eaa82706baf7c3cd5e1550fe9ad24083edeb00e55d9da8198ea6ee3
+ 9 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
evasion
Link:
https://tria.ge/reports/200911-dkc554864n/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks BIOS information in registry
Drops startup file
Identifies Wine through registry keys
Loads dropped DLL
Checks BIOS information in registry
Drops startup file
Identifies Wine through registry keys
Executes dropped EXE
Executes dropped EXE
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Symode
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/14cccfdfec5ad5bb0a8c12e1c07c2dc92a21c3171b5bdc1ed026bad21611d0b7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 14cccfdfec5ad5bb0a8c12e1c07c2dc92a21c3171b5bdc1ed026bad21611d0b7

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/456559/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/58567/

Comments