MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 290980462cb21d689c20276b2aac1aa8dc704b237235723e847199a109218e1e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Vidar

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	290980462cb21d689c20276b2aac1aa8dc704b237235723e847199a109218e1e
SHA3-384 hash:	e8ddf1a957a4add5fdef4da4a857555b6ff29ef3cab2d8632cb9dcc6ff2598b0540f2dd5bddb897974160bc6a0f1c853
SHA1 hash:	86e804b72bf9d9de50117ed7a92314a2b5dc4f5f
MD5 hash:	b1fa2dd37499510913d9aa5f4bda5e1f
humanhash:	august-shade-south-lake
File name:	SecuriteInfo.com.BScope.Trojan.Hynamer.30124
Download:	download sample
Signature	Vidar Create hunting rule
File size:	187'904 bytes
First seen:	2020-07-19 13:41:38 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	47a842b9dfbc714d3dec79a92650aa72 (1 x Vidar)
ssdeep	3072:Eca06kfPe7sd98w6WBOpYGtUyfIGRnnJ:+ofZ8wTYpYkvdRn
TLSH	A704CF2135D1C4B3E61715B18856C7B25A3AF8301E749A873FC6833D6F362E6CB19386
Reporter	SecuriteInfoCom
Tags:	vidar

Intelligence

File Origin

# of uploads :

# of downloads :

152

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Vidar

Link:

https://www.capesandbox.com/analysis/27818/

Detection(s):

SecuriteInfo.com.BScope.Trojan.Hynamer.30124.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Sending an HTTP GET request

Creating a file in the %temp% subdirectories

Reading critical registry keys

Creating a file

Deleting a recently created file

Reading Telegram data

Running batch commands

Creating a process with a hidden window

Launching a process

Sending a TCP request to an infection source

Stealing user critical data

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/389844

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/290980462cb21d689c20276b2aac1aa8dc704b237235723e847199a109218e1e/

Threat name:

Win32.Trojan.Propagate

Status:

Malicious

First seen:

2020-07-19 13:43:05 UTC

AV detection:

41 of 48 (85.42%)

Threat level:

5/5

Verdict:

unknown

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/200719-gcptnnmbne/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Loads dropped DLL

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/290980462cb21d689c20276b2aac1aa8dc704b237235723e847199a109218e1e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Vidar

exe 290980462cb21d689c20276b2aac1aa8dc704b237235723e847199a109218e1e

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/414922/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/27818/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample