MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 276ff250495d6b475c84a26dce4faa535f976780fdfc69cc0dc831dba3451a5c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 276ff250495d6b475c84a26dce4faa535f976780fdfc69cc0dc831dba3451a5c
SHA3-384 hash: d940a6e94c93273df05c5cafdb55e1cf32cae0b985e00fda68ac5403bca5f7527a2ec37a2a17ec33c3250f41a1a1128d
SHA1 hash: 1a3ff0a5f5ff2cc8bf445b4b64440e777ed4b846
MD5 hash: fad5cc2efa4308ccac23d0a1f4c97344
humanhash: spring-kansas-minnesota-mobile
File name:SecuriteInfo.com.Trojan.GenericKD.43320320.27635.20193
Download: download sample
File size:4'205'594 bytes
First seen:2020-06-11 21:33:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4328f7206db519cd4e82283211d98e83 (533 x RedLineStealer, 18 x Arechclient2, 15 x DCRat)
ssdeep 98304:RhMQbZZDqbe0qBUlzXhAgK0ZmM2LjvguvKttH:R2oPDYevQhAiZmvZvKT
TLSH 241623A135C2C900CDBA1677D4EF8C5A8798A9056E32D7376E7AB2D89CC1B51DC0F9C8
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/9062/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.43320320.27635.20193.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Packed.Themida
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 00:49:00 UTC
AV detection:
27 of 31 (87.10%)
Threat level:
  1/5
Verdict:
malicious
Result
Malware family:
n/a
Score:
  9/10
Tags:
evasion trojan
Link:
https://tria.ge/reports/201109-nxavnjy4ex/
Behaviour
Kills process with taskkill
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks whether UAC is enabled
Checks BIOS information in registry
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 276ff250495d6b475c84a26dce4faa535f976780fdfc69cc0dc831dba3451a5c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/384142/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/387586/
Cape
Cape
https://www.capesandbox.com/analysis/9062/

Comments