MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 20a9cd0868b1b7a6416048bbf924ba4cf4c4b596543f2eb5c8bf24166951b875. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 20a9cd0868b1b7a6416048bbf924ba4cf4c4b596543f2eb5c8bf24166951b875
SHA3-384 hash: 2e71ccfb77d0058b215a0102414addce9745aa1b9ec777ea48ec643bbf2efc7665361c4f5c8445682a5c907695c5c716
SHA1 hash: 6bed3b94188e6c1a189e4e01bfab4c6a3c65f585
MD5 hash: 4b932f40941f6db7383af06d84d21ce1
humanhash: mars-wolfram-twenty-pizza
File name:SecuriteInfo.com.Trojan.GenericKD.45834876.10445.19462
Download: download sample
File size:4'064'768 bytes
First seen:2021-03-07 11:41:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7b467440ea238c8a63a5e3aa162de1f5
ssdeep 98304:6y1Rv6MXrIJ5ITCDlxnwoG4sY3XkwX35oVQ:6y+MXMATKlNHeY3US5oO
Threatray 63 similar samples on MalwareBazaar
TLSH 6516126265EA300DF4E4FD344AB6EEFDB1B962DA5643783F218429877711394AE03F12
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
159
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
9290fe75175367dd6330d504164fb597.exe
Verdict:
Malicious activity
Analysis date:
2021-03-07 07:35:28 UTC
Tags:
rat redline trojan loader
Link:
https://app.any.run/tasks/776360d1-d882-4ae4-b5bc-44501e004a48

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/122684/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.45834876.10445.19462.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Running batch commands
Creating a process with a hidden window
Creating a file in the %AppData% directory
Launching a process
Sending a UDP request
Creating a window
Creating a process from a recently created file
Moving a file to the Windows subdirectory
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/630634
Signature
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file has nameless sections
Uses schtasks.exe or at.exe to add and modify task schedules
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 364289 Sample: SecuriteInfo.com.Trojan.Gen... Startdate: 07/03/2021 Architecture: WINDOWS Score: 72 37 Multi AV Scanner detection for submitted file 2->37 39 Machine Learning detection for sample 2->39 41 PE file has nameless sections 2->41 43 Uses schtasks.exe or at.exe to add and modify task schedules 2->43 7 service.exe 1 2->7         started        10 SecuriteInfo.com.Trojan.GenericKD.45834876.10445.exe 3 2->10         started        13 service.exe 1 2->13         started        process3 file4 45 Multi AV Scanner detection for dropped file 7->45 47 Machine Learning detection for dropped file 7->47 15 cmd.exe 1 7->15         started        33 C:\Users\user\AppData\Roaming\service.exe, PE32 10->33 dropped 35 C:\Users\user\...\service.exe:Zone.Identifier, ASCII 10->35 dropped 17 cmd.exe 1 10->17         started        19 cmd.exe 1 13->19         started        signatures5 process6 process7 21 conhost.exe 15->21         started        23 schtasks.exe 1 15->23         started        25 conhost.exe 17->25         started        27 schtasks.exe 1 17->27         started        29 conhost.exe 19->29         started        31 schtasks.exe 1 19->31         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/20a9cd0868b1b7a6416048bbf924ba4cf4c4b596543f2eb5c8bf24166951b875/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-03-05 00:56:00 UTC
File Type:
PE (Exe)
Extracted files:
33
AV detection:
30 of 46 (65.22%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0f59d4e8970f5f97d8a033783d8b9cdb8fe9a30ba4462366b254f6deb69696dd
22f105861b8c373e94d70ac51cdbc0f03e784acee57727dae0d734587c6033a7
3e5bbf9fcae918011ec4eee75ac6402fddf20d09fef95b362d0e226d56b80f1d
3f27ab35cc0da43df9e1374bcdc3aa1d2fcec4de0e3affd27de45099d4f815c8
6c94faa14df53b3ff392400569121f9204c463d93560b724704f7f2b4961a260
790c213e1227adefd2d564217de86ac9fe660946e1240b5415c55770a951abfd
966fc4bb79e63ab27222a3a13a7617415b4cd4642df4b15c5a19095a2775f3d6
a761168b889a5c5ff56defeb1cedb786ffa90e3b61b6660cfc41e49b1ee638f0
e58ef47a566a73ad01ce7a37c178d1fce2a3282882f814997aab487200cf8005
e781a2162de7ea85b85a82cb16bbe8bfbff33cfa368e096ee63d6108e18b0e79
+ 53 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210307-8ypc592znj/
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Executes dropped EXE
Unpacked files
SH256 hash:
44d72334f69339caeeb777ebdd99c65ee8f1db9844dd86f887f0515e5e67b3dd
MD5 hash:
591c2a6dbc2d5330bd352fbc363e0a46
SHA1 hash:
3101ca10d61067e712971ef1d16d3e4191e6912d
Link:
https://www.unpac.me/results/e914b046-0ba2-4344-a789-6a7874d2e3f6/
SH256 hash:
20a9cd0868b1b7a6416048bbf924ba4cf4c4b596543f2eb5c8bf24166951b875
MD5 hash:
4b932f40941f6db7383af06d84d21ce1
SHA1 hash:
6bed3b94188e6c1a189e4e01bfab4c6a3c65f585
Link:
https://www.unpac.me/results/e914b046-0ba2-4344-a789-6a7874d2e3f6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Sality
Score:
0.70
Link:
https://yomi.yoroi.company/submissions/20a9cd0868b1b7a6416048bbf924ba4cf4c4b596543f2eb5c8bf24166951b875

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 20a9cd0868b1b7a6416048bbf924ba4cf4c4b596543f2eb5c8bf24166951b875

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1052026/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/122684/

Comments