MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1ebbf5127ddc28f2e0e70a630acea23bf8734ea6405811b8e35c9acaca5b7174. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 5



SHA256 hash: 1ebbf5127ddc28f2e0e70a630acea23bf8734ea6405811b8e35c9acaca5b7174
SHA3-384 hash: 5797ff0a68f00b8a56c7e78201833cf38176ebe3977b3bd81279d6d7f65f57a761d00fec85a265905e097c9ab62107a1
SHA1 hash: 070b25794621f84b04e82535950562386794e669
MD5 hash: 5bc7c768f38e8a5e04fd6022e5cf1d19
humanhash: echo-diet-spring-lithium
File name: 1ebbf5127ddc28f2e0e70a630acea23bf8734ea6405811b8e35c9acaca5b7174
Signature: NanoCore
File size: 293'888 bytes
First seen: 2020-07-06 07:06:20 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: d341da41cdbebb27387f1bf2c0fabf2f (1 x NanoCore)
ssdeep: 6144:cA4U+Ajp/zfZzwvNfvtGblz9Isfq+gGctAPKVy:Z4MVzfZsFfvtGPIsfq3TVy
Threatray: 20 similar samples on MalwareBazaar
TLSH: 9554D022F6CBE725D93A2472C6CEE5F28292FF22C5110D73A7693F38BD744061944A79
Reporter: JAMESWT_WT
Tags: NanoCore

Intelligence


File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Searching for the window
Creating a file
Deleting a recently created file
Creating a window
Enabling autorun with Startup directory
Threat name: Win32.Trojan.Skeeyah
Status: Malicious
First seen: 2019-03-03 20:32:59 UTC
File Type: PE (Exe)
Extracted files: 154
AV detection: 26 of 29 (89.66%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Drops startup file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
