MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 24d6774c1e91ab5d03b2bc857f8f35534acbc8f4ed8aaf802372588638100cb4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Retefe
Vendor detections: 5
| SHA256 hash: | 24d6774c1e91ab5d03b2bc857f8f35534acbc8f4ed8aaf802372588638100cb4 |
|---|---|
| SHA3-384 hash: | 7df0d6629c58d344b39f365d6a8dfe37434148240b1706fa9255b1f45c9f12d1366f3523bbef2254b752774e4acca0d9 |
| SHA1 hash: | 7749c9a59887a27e0ab1a41d19b8b21715460483 |
| MD5 hash: | 9ef2df5ca2663892765372d777d35941 |
| humanhash: | pizza-california-william-carbon |
| File name: | 7749c9a59887a27e0ab1a41d19b8b21715460483.exe |
| Signature: | Retefe |
| File size: | 194'128 bytes |
| First seen: | 2020-03-17 13:07:26 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash: | dbb1eb5c3476069287a73206929932fd (27 x NetSupport, 1 x Retefe, 1 x ArkeiStealer) |
| ssdeep: | 3072:ftFw8wzBh6/WBUJ0T5mLUrykH2TTNTJTCN5gTGhSkT5dgsUGOgkBFVYbsVTHuGEc:lFw8wzBhaEUJ45mnkC85p8mHWSM |
| Threatray: | 45 similar samples on MalwareBazaar |
| TLSH: | 0214635F401B0B94E7385730CE59349780EC75097C97EAFBFDD92A8215B91EAE06EA30 |
| Reporter: | Anonymous |
| Tags: | Retefe |
Intelligence
File Origin
# of uploads: 1
# of downloads: 1'858
Origin country: n/a
Vendor Threat Intelligence
Threat name: Script-JS.Trojan.Proxychanger
Status: Malicious
First seen: 2016-06-14 01:07:21 UTC
AV detection: 21 of 29 (72.41%)
Threat level: 5/5

Detection(s): Malicious file

Verdict: malicious
Similar samples: + 35 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name: Unknown
Score: 1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam (delivery method): Distributed via e-mail attachment
BLint
The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.
Findings
| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high |
| CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high |
Reviews
| ID | Capabilities | Evidence |
|---|---|---|
| AUTH_API | Manipulates User Authorization | ADVAPI32.dll::SetFileSecurityA |
| COM_BASE_API | Can Download & Execute components | ole32.dll::CoCreateInstance ole32.dll::CreateStreamOnHGlobal |
| SECURITY_BASE_API | Uses Security Base API | ADVAPI32.dll::AdjustTokenPrivileges ADVAPI32.dll::SetFileSecurityW |
| SHELL_API | Manipulates System Shell | SHELL32.dll::ShellExecuteExW SHELL32.dll::SHFileOperationW SHELL32.dll::SHGetFileInfoW |
| WIN32_PROCESS_API | Can Create Process and Threads | ADVAPI32.dll::OpenProcessToken KERNEL32.dll::CloseHandle |
| WIN_BASE_API | Uses Win Base API | KERNEL32.dll::LoadLibraryW KERNEL32.dll::GetCommandLineW |
| WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::CreateDirectoryA KERNEL32.dll::CreateDirectoryW KERNEL32.dll::CreateFileMappingW KERNEL32.dll::CreateFileW KERNEL32.dll::CreateFileA KERNEL32.dll::DeleteFileW KERNEL32.dll::DeleteFileA |
| WIN_BASE_USER_API | Retrieves Account Information | ADVAPI32.dll::LookupPrivilegeValueW |
| WIN_REG_API | Can Manipulate Windows Registry | ADVAPI32.dll::RegCreateKeyExW ADVAPI32.dll::RegOpenKeyExW ADVAPI32.dll::RegQueryValueExW ADVAPI32.dll::RegSetValueExW |
| WIN_USER_API | Performs GUI Actions | USER32.dll::FindWindowExW USER32.dll::PeekMessageW USER32.dll::CreateWindowExW |