MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 17d67e548d5b9c91ba3b2ce339100803174c32e7ab000cd6d90b461288b558a0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

SHA256 hash: 17d67e548d5b9c91ba3b2ce339100803174c32e7ab000cd6d90b461288b558a0
SHA3-384 hash: 21ea2570f7b9b76beae9276dd37d7180e555b3ec4dc163d809396dc58ea850138886f8145f005609c382a9cad8029445
SHA1 hash: 2755a4503498c945533333e11f716f066b0ef52d
MD5 hash: 2af527c3cc7b1e4f03153d1cca3c9ee6
humanhash: december-juliet-zulu-fifteen
File name: 17d67e548d5b9c91ba3b2ce339100803174c32e7ab000cd6d90b461288b558a0
File size: 1'829'376 bytes
First seen: 2020-09-02 14:05:58 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 6ed4f5f04d62b18d96b26d6db7c18840 (225 x SalatStealer, 78 x BitRAT, 42 x RedLineStealer)
ssdeep 24576:29BQiJNJe1isWcyFFiFQhJyyqt7ATKmhF44GOH98nHmvmJ09inHic8Mi1W7z6IhJ:2X7JI7W3hgWhRGmiGvs0kCcHae
Threatray 35 similar samples on MalwareBazaar
TLSH 3A853320DDB3F226E6B3083CD636A724EA91D9276F77A81C53415C4DC59B6B0EE8E350
Reporter JAMESWT_WT

Intelligence


File Origin
# of uploads: 1
# of downloads: 109
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:
Behaviour: Sending a UDP request
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Behaviour
[Behavior Graph image: ID 281167, sample ZUudQsdBC2, start date 02/09/2020, architecture WINDOWS, score 48. Signature: Multi AV Scanner detection for submitted file. Process tree: ZUudQsdBC2.exe (started) -> conhost.exe (started)]
Threat name: Win64.Trojan.Generic
Status: Suspicious
First seen: 2020-08-01 13:49:36 UTC
File Type: PE+ (Exe)
Extracted files: 1
AV detection: 12 of 29 (41.38%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour: UPX packed file
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: suspicious_packer_section
Author: @j0sm1
Description: The packer/protector section names/keywords
Reference: http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments