MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1c6421eff5d5551f9032931c440e342b515ea903eae463d6ec7af4e6a4fab0fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 1c6421eff5d5551f9032931c440e342b515ea903eae463d6ec7af4e6a4fab0fc
SHA3-384 hash: 1e040ea74b4052a4351ae7d0daa20a2b113c690bbd0de76f7bf7429b1d792cf6c12ff9b487e08fe62fdabffe2824bf9a
SHA1 hash: 56e6bd927d898dffa3e500d8cf6b8ff97b43d216
MD5 hash: abb796b12a0e9c4d8bdde688b0671dca
humanhash: tennis-leopard-california-music
File name: SecuriteInfo.com.Adware.iBryte.Win32.9800.13896
File size: 12'560'576 bytes
First seen: 2021-01-06 17:09:35 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 099c0646ea7282d232219f8807883be0 (476 x Formbook, 210 x Loki, 107 x AgentTesla)
ssdeep: 6144:JstNBtwxiKDRg8vROq445PY+QkrO3aZkXiVuAFCD0g:cNBtwxBDRg8445w+QrzXIt4D0
Threatray: 69 similar samples on MalwareBazaar
TLSH: 88C608FDACBD0F79D32FE23668619222A55B1E3C794125E2B21673656430F4E98C32CD
Reporter: SecuriteInfoCom

Intelligence


File Origin
# of uploads: 1
# of downloads: 144
Origin country: n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
magaRAT.zip
Verdict:
Suspicious activity
Analysis date:
2021-01-07 03:13:47 UTC
Tags:
n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Generic
Status:
Suspicious
First seen:
2021-01-06 17:10:06 UTC
AV detection:
5 of 28 (17.86%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Unpacked files
SHA256 hash:
1c6421eff5d5551f9032931c440e342b515ea903eae463d6ec7af4e6a4fab0fc
MD5 hash:
abb796b12a0e9c4d8bdde688b0671dca
SHA1 hash:
56e6bd927d898dffa3e500d8cf6b8ff97b43d216
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
