MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 225c4f945e7f1d8296253654921c474e90829036ea0b4797ebbc9364604bf334. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 225c4f945e7f1d8296253654921c474e90829036ea0b4797ebbc9364604bf334
SHA3-384 hash: cf6d7b0953e91f644b9071c865103ea3e43613f01152d91c7296c1e690e1c69270e87d1629aab7a9282006a33033054a
SHA1 hash: eecac15d7b389787d9f666e69da94fa9bd5ee2a5
MD5 hash: e3379764c86866db09707c6e3abf92d7
humanhash: bulldog-green-maryland-four
File name: 225c4f945e7f1d8296253654921c474e90829036ea0b4797ebbc9364604bf334.bin
File size: 50'249 bytes
First seen: 2020-11-17 17:32:39 UTC
Last seen: 2020-11-18 21:48:27 UTC
File type: elf
MIME type: application/x-executable
ssdeep: 768:YR5w0Fl0wa6kZnb8nVgM9sftyufcUNC+P7y/:IhFl076anAVN9s17zNCWy/
TLSH: 6133B427B541CAB8C49AF1B45EDF81B4A43375F45B32720B33041A7AB861BD84F2F699
telfhash: 27f0c042b93eeb0611f748708df487e60187a14354711b15df14eac1483ea06e618e4d
Reporter: Arkbird_SOLG
Tags: elf PWNLNX retrohunt Winnti

Intelligence


File Origin
# of uploads: 2
# of downloads: 166
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Linux.Trojan.WinNti
Status: Malicious
First seen: 2020-09-22 10:47:33 UTC
File Type: ELF64 Little (Exe)
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments