MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 34fea0ffa5d9e73cf376929c94e5e4ab31a7781f51c0e0e08012b714e7851e4d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 34fea0ffa5d9e73cf376929c94e5e4ab31a7781f51c0e0e08012b714e7851e4d
SHA3-384 hash: 3075f98d52d78955b8ef2edd536b3f31b2acb83b2084d88c098a9ffa020c08f4de2127dbef97fc7abf1f192a83deafe2
SHA1 hash: e6f76cd006fe2f9bd6c395a9c102feb963f5a88a
MD5 hash: 35469ff61ee2d9bcd8c301603b80d4d0
humanhash: delta-quebec-hydrogen-ack
File name:SecuriteInfo.com.Trojan.DownLoader36.26524.9571.7675
Download: download sample
File size:3'319'808 bytes
First seen:2020-12-08 21:42:11 UTC
Last seen:2020-12-09 07:20:12 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 097394572a8a875b95445a6f40f5a484
ssdeep 49152:vE8GO14aSIjL9ERbXg/2haPTLQMY3CwcWkKgFBB1LbfqLke8nHtuQyTX9depTJbW:vE8Fym3BFD1vtH8L8
Threatray 45 similar samples on MalwareBazaar
TLSH 28E5BE02B941CA76D2670230A96E77BA403CF5354B3145C3A7946A3C9AB16D17A3FF3B
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
2
# of downloads :
126
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/107357/
Detection(s):
SecuriteInfo.com.Trojan.DownLoader36.26524.9571.7675.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Setting a global event handler
Setting a global event handler for the keyboard
Connection attempt to an infection source
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/558485
Signature
Found Tor onion address
Hides threads from debuggers
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/34fea0ffa5d9e73cf376929c94e5e4ab31a7781f51c0e0e08012b714e7851e4d/
Threat name:
Win32.Trojan.Graftor
Create hunting rule
Status:
Malicious
First seen:
2020-12-08 18:40:22 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
22ba4198dd80989673a5db96ec9a50b4bbd45931c98636aba17443d638ef937c
29bf8be0eca74afc9c497693431e2703fa7a1f4aefe8fce82e3ac7e59e6604d1
3a53fc0060de3daa43eda52ecb4348ede9d1d95ba89e81906c19da1afd9376b5
3e483d19170652c8c74d9a42ef17804b4739e6290f08e54c68f8311e390b0c1f
56223f30d25ad9e7ace44f33bf080b1b965df0a8d4f0b298537d9dcda4162052
717b902e972dc5fef4b12b83f75a922acb007a547ec772b2084b307361d7f630
736cb846af9e2de5730d5b788603d49374fee0e309d2681392456aa41ec3eda1
d6964f92949edac5e3f2b740a6c2fa121eb1539f5a291ee7d4cc5cd55cadd49d
d827689b395e61faaa11fcf68118f58ae90a291819e1dabe2fd1f91c37805ee2
e1f08269363e55708c850e156f5f4cdc50acc14efdce1f3464a70c91548c7548
+ 35 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/201208-e9p229y636/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Unpacked files
SH256 hash:
34fea0ffa5d9e73cf376929c94e5e4ab31a7781f51c0e0e08012b714e7851e4d
MD5 hash:
35469ff61ee2d9bcd8c301603b80d4d0
SHA1 hash:
e6f76cd006fe2f9bd6c395a9c102feb963f5a88a
Link:
https://www.unpac.me/results/c9a60b34-b21b-4e67-807d-9d71734e0f89/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/34fea0ffa5d9e73cf376929c94e5e4ab31a7781f51c0e0e08012b714e7851e4d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 34fea0ffa5d9e73cf376929c94e5e4ab31a7781f51c0e0e08012b714e7851e4d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/899827/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/107357/

Comments