MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ba65c6392cdc7f34eaf9c35f66d0e51fd7b384220a6f4f24a789b8560b4369e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2ba65c6392cdc7f34eaf9c35f66d0e51fd7b384220a6f4f24a789b8560b4369e
SHA3-384 hash: e8bab57b3fbe9f9990e092f6f66aa37caa3286f0e7559a53a77864ef96e57d9f84c44fe21160ca03cce52056cc44add3
SHA1 hash: 7230163d322898e77bb5fcf14b157a8980e10c24
MD5 hash: 7af02ab30180a5aa5933e4d51ab112a8
humanhash: tango-mirror-london-friend
File name:a0090450017d549ebca5cc6ff2ac16d9
Download: download sample
File size:385'026 bytes
First seen:2020-11-17 12:18:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b71ae52e8715ee7bfaa0c9df227db54a
ssdeep 6144:bX3bOU57Iz44gaDosJQO3zDo0W7cyqCxSngmMBqfycuPbUl0i5cD5J6U:V57IMh0Dj+0npM4dl0v5JF
Threatray 32 similar samples on MalwareBazaar
TLSH C284BD86735FAD19CC3E357714797201A8D2991FAE6C7D0EE568478A76A7C3FA08B00C
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
56
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Packed.Razy-9786051-0
Create hunting rule

Win.Packed.Razy-9787418-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2ba65c6392cdc7f34eaf9c35f66d0e51fd7b384220a6f4f24a789b8560b4369e/
Threat name:
Win32.Trojan.Khalesi
Create hunting rule
Status:
Malicious
First seen:
2020-11-17 12:24:06 UTC
AV detection:
23 of 28 (82.14%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
09afae7f6d16eccb54b77079119c4e18ac3470d6528fe5fbbd513e79d24b2223
1f2efa2a023e42852e744c68ec659295448900f471a47032610a9493dc1a1f85
2ca57ebbf48c57749650c40d45af0dd53b38d8e82a9d3668548a81c678e3ebad
59eb4977b433ca77f1590c094dead7cf6bfc1cee4ece19ec994af25d918b54b9
607e4d4226a25bbb02d16909b1fb1b3ceac33d8dec5f03b15c754cb94cbb40ea
6186af3342ae4ac28333e6b5ecf3ddd4ca934924d3cfe99f2f12a1d865f438cb
75da456980b6c16a80a05269d6fee93bc18a242ebe0c7f9f014bad8828b09291
86fe2e6e9e79698dceda960022520a304789ca3c395e5834aac148f8f9176035
a91d59c97ca82cdb4fc003a58f71e96d9006fd9de285b8b4b9292c334509e364
c48593dfc87f2be8fa0dd33decfe26210fecb999a4f8095b363d6df8153991b2
+ 22 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201117-f2szegvbjs/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
2ba65c6392cdc7f34eaf9c35f66d0e51fd7b384220a6f4f24a789b8560b4369e
MD5 hash:
7af02ab30180a5aa5933e4d51ab112a8
SHA1 hash:
7230163d322898e77bb5fcf14b157a8980e10c24
Link:
https://www.unpac.me/results/aef6d706-95f4-4ad9-b630-3820c6bdb949/
SH256 hash:
2590e4c4f60325319db757f787a70f74ff6ddd2fac598c41df585b7aaf3be12e
MD5 hash:
f081c3fe38ed50921fac02d9fdb2974f
SHA1 hash:
23f6bc1de97a2afe576e2d4a02dc66797a02a304
Link:
https://www.unpac.me/results/aef6d706-95f4-4ad9-b630-3820c6bdb949/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments