MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2a8b84761200ff05a63ccc2f2f8d2d95e55bacbf3dfa425b6d0a1d0228fb8078. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2a8b84761200ff05a63ccc2f2f8d2d95e55bacbf3dfa425b6d0a1d0228fb8078
SHA3-384 hash: 37db60a6e64b0f4dfb2d84bd4d47c6bb8b3ce26711be5fd7d5b9c21e7df952ba13d3a013d61af59b6aa930b9280c0819
SHA1 hash: 446f546aa7f0c283efd1b73fe40b9f7042414143
MD5 hash: c5de353b3fec706fbc0b937431ad79a6
humanhash: robin-india-kitten-georgia
File name:2a8b84761200ff05a63ccc2f2f8d2d95e55bacbf3dfa425b6d0a1d0228fb8078
Download: download sample
File size:2'075'849 bytes
First seen:2020-06-03 09:42:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 2eabe9054cad5152567f0699947a2c5b (2'852 x LummaStealer, 1'312 x Stealc, 1'026 x Healer)
ssdeep 49152:xvf6MKhTI5IJ9q+OKBhkjT32wfhp3HQt8OY3Yf:xtKhTI5IJY1jrv2WOMYf
Threatray 10 similar samples on MalwareBazaar
TLSH 45A5D1C884620F6ADED1547BCF629E865417D00D8B19A792851D00B983CB4DA8FDBFBF
Reporter raashidbhatt
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
56
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.EXE.Obfus-4.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Zusy
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 00:45:00 UTC
AV detection:
27 of 31 (87.10%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
17c1432427baae5d78a79ec3b031e7bd1cccdd7aa87f8334d828ed15669b8337
2882a3ea96a1a8ecb97c338a9903d110b1f2859bd424e6e34153667b29d876c8
3e033f4fa5d62a4e9b5eb35d21b2859adbfd67411bd9c1be212c4a5de26afddb
5e65e89ec413345a3e2b5476b6e639423e955aa3a34e36d82d621ed15e53383e
6057a10b27aebb92f7d961ce23929dc41579f6da1dcbf28572d8c5f0ffac488b
632562060da02f7ed5e92b1fe1bd94ce8d993cb134e93f8294beade2f0f42974
739d40c80783a52ae341907b2996cac8a4a51189c176d9e3270a74c3e9d7779b
758c9e9642b467c181548b07d7d47e32e2e37ce7298e0d89674fdbcbe13eb50e
ef9a7d180675555b686e1c20b4a361bba647fb1b9248fb0b83ca034a6ddb6755
f5f22da770bfd33da2fa26f353f66a96cb4fa0304b885949db4b2b50113b090a
Result
Malware family:
n/a
Score:
  10/10
Tags:
evasion persistence
Link:
https://tria.ge/reports/201109-3cljpqbxcn/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Drops file in System32 directory
Modifies service
Suspicious use of NtSetInformationThreadHideFromDebugger
Adds Run key to start application
Checks BIOS information in registry
Identifies Wine through registry keys
Loads dropped DLL
Executes dropped EXE
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Modifies visiblity of hidden/system files in Explorer
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments