MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 380a0d5b3d5ae9eb9a53cf5bb4fe1737de62020e4f0ec5f56ee601bf8a884d1b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 380a0d5b3d5ae9eb9a53cf5bb4fe1737de62020e4f0ec5f56ee601bf8a884d1b
SHA3-384 hash: 1474585943cae1809591af214c832764182dbd6affe9aca18519875aadb62865330aa860ac55fd5b0190dbc642dbd7b9
SHA1 hash: aac7d466f910a0f7faa13ef06b9f48fe185f4b2c
MD5 hash: 2f9dffa0fbcf7f0a855f8b06095feb55
humanhash: alabama-earth-september-illinois
File name:SecuriteInfo.com.Gen.Variant.Application.RemoteUtils.1.15682.29264
Download: download sample
File size:6'533'889 bytes
First seen:2020-06-02 09:34:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c769210c368165fcb9c03d3f832f55eb (8 x RemoteManipulator, 1 x QuasarRAT)
ssdeep 196608:8+oCQEZSkSBVTQ1CRV/ZZVSMaJOiNfmyqf5BjCJOJSc8:8sQEZS21CR/8NuZ5BeJAC
Threatray 7 similar samples on MalwareBazaar
TLSH 5A66337137DA85BDC0918834BBD16AB19AE5CFBB03294D4333A11C5A3A94DA1E17733E
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Gen.Variant.Application.RemoteUtils.1.15682.29264.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.PUA.Remoteutils
Create hunting rule
Status:
Malicious
First seen:
2017-07-14 23:45:38 UTC
AV detection:
16 of 31 (51.61%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
118dd258630c48b0beacd8b4c04c9c9cd3b9f698b660b6a904b1dfc033e00cd1
2d40a6c3d1200616055b55031daa8a6b010b3c99219f6b6da87bcd2b2f27d6c2
31e0d8d290cef40450e8afb88a58749155645f4f702bdec51a81290d0230de09
62cdf6d69798ae88f69de36a3dfa43295c2c0f14722a9f7227d7caf4a256224b
841419d6c404a4baf5287348cbf0fce17fccbae5b64310fddbfc8bc356a1bae1
b5961f407c0afef04c9406ba17cbae3fe4cc575b47e50081abbda0d96f9c0f18
c72abb73f39b466cd8b230c1fd9d6c1bf46573db11038eaa407d47976eb317eb
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-dbgv8q9bfe/
Behaviour
Modifies data under HKEY_USERS
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in System32 directory
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Suspicious use of NtCreateUserProcessOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments