MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 35b570b9f6af5cedeb7f4b2f1090f81940ed9a8742f0c11169677d39cbb246b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 35b570b9f6af5cedeb7f4b2f1090f81940ed9a8742f0c11169677d39cbb246b5
SHA3-384 hash: b2ec735b73f8250502d0c54a35d76601418de20a977f8b909b768e2962d44d9debe920a999870ce498e783ea2a83ca76
SHA1 hash: 9f824408d5bd587c713ca8e66901871da41be779
MD5 hash: 3adfc89a0774e9ed832fb785cce72cb2
humanhash: october-monkey-spring-saturn
File name: SchwarzeSonne.exe
File size: 625'664 bytes
First seen: 2020-05-19 13:02:37 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 2dbff3ce210d5c2b4ba36c7170d04dc2 (1 x OzoneRAT, 1 x DarktrackRAT)
ssdeep: 12288:7eoNqBrEIfPe0hiRc7PvYtJupNl3mP9XsL5DP4BZs4ixsiNhkApRax:slEIfPb8RevYtJupNl3mP94DQv1ifNhe
Threatray: 24 similar samples on MalwareBazaar
TLSH: 27D4C021F2828577D1620F748C1BA3A6942ABF601E7DF547B7F81D0C9F79281692B393
Reporter: James_inthe_box
Tags: exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Schwarzesonne
Status: Malicious
First seen: 2020-05-16 12:15:51 UTC
File Type: PE (Exe)
Extracted files: 2
AV detection: 31 of 31 (100.00%)
Threat level: 2/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
