MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1f2efa2a023e42852e744c68ec659295448900f471a47032610a9493dc1a1f85. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	1f2efa2a023e42852e744c68ec659295448900f471a47032610a9493dc1a1f85
SHA3-384 hash:	19fd3ab65aa713695249292d7425a3e7e9077f7bdcf1abb5572f0e0436ae5365b6f51f3206d5f08bff2c9f0a477b0933
SHA1 hash:	5ba81ef1ffd90fc1d8ade97781bc7549ae55ffa5
MD5 hash:	ad02ab2e073336e98aa08f4aba94c5e3
humanhash:	bravo-virginia-pennsylvania-december
File name:	1f2efa2a023e42852e744c68ec659295448900f471a47032610a9493dc1a1f85
Download:	download sample
File size:	281'600 bytes
First seen:	2020-11-07 19:15:47 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	ef3fd1c1a81435e51fcc42212e25d2ec (7 x Reconyc)
ssdeep	6144:Rx09kJD39k5dOxUlawp7/M22HuHSleulnM6d5B7mN1SJZf:X09m39C8alE2CFln9Hu8JZf
Threatray	13 similar samples on MalwareBazaar
TLSH	C354D0411EDF3C43F9C6D4325DA2798AA6C5AA4C445B3F2BE77AF033958802BD12A5F1
Reporter	seifreed

Intelligence

File Origin

# of uploads :

1

# of downloads :

49

Origin country :

n/a

Vendor Threat Intelligence

Result

Verdict:

Malware

Maliciousness:

Behaviour

Launching the default Windows debugger (dwwin.exe)

Replacing executable files

DNS request

Moving of the original file

Deleting of the original file

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1f2efa2a023e42852e744c68ec659295448900f471a47032610a9493dc1a1f85/

Gathering data

Verdict:

malicious

Similar samples:

06e145e0068c9631d558c1f1c04b51fe8c6a36052a6a051986642eb0dec85232

296b64f00dfe0aacad6cb5b400caf51f90f0129fb07e1afc71abc0d3a2b1b1a5

3075a769f000372501a625d5073892f6a1c7363fe4ec5751658d7bc00561d0ff

6153eb4861731cb8b710414247b40ca5851a31c6a79b44d488d02d59b4abc5ff

75da456980b6c16a80a05269d6fee93bc18a242ebe0c7f9f014bad8828b09291

8d5fcc37dd8243986f9bb28dccd74960163c965f87f23fc4e0360f17188cc332

9ea59a3284eb0dfd4af9a58e5e5be9abf46cd42e911650f587c7d6d67d29691f

b604f76daf8cf56c371dbfc20bbeff0ab2d451d9fa059615682a0c6054bf1627

bbdd92fe560df908080324d2c514af5c674f1aa2b8c4b65d5a37a5cd6ccbbba2

ee379be40d5c1621d1e0ccf136de363f950cbc92e5ee7f2b05c447cf8f6f2398

+ 3 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/201108-vfm4pcktcn/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: RenamesItself

Suspicious use of UnmapMainImage

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Program crash

Suspicious use of NtSetInformationThreadHideFromDebugger

Deletes itself

Loads dropped DLL

Executes dropped EXE

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample