MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 39599008089755aa7cccb534b2c94ccb537f266018bb67ae3ed4b9f51c0a40b9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: 39599008089755aa7cccb534b2c94ccb537f266018bb67ae3ed4b9f51c0a40b9
SHA3-384 hash: 588504a3149dd3ca8acc8088b7fcc1823b3e821611613941cc096d9149009cb36a9b11b91f168a17a3f46d2425b25b20
SHA1 hash: 17f6d3dedfd6afe56135d3a2e7ae3a7d120151ca
MD5 hash: 6aa36f386a3e645f67cd6945374b8ea8
humanhash: neptune-sodium-ack-floor
File name:itunes.bin
Download: download sample
Signature n/a
File size:5'906'432 bytes
First seen:2020-08-02 07:30:36 UTC
Last seen:2020-08-02 08:44:08 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 55182673a64d7fe5965a75a5199efb25
ssdeep 98304:ExXcAe/BGF6Tb5D7QkTO1L8/N4P9wrHoJ5aKT+LHq:Ex01Xt8gO1L8/N3M5aioHq
TLSH 1D560163239240A2E1A14C328827BFB575B25B664B12D9FB5BC5FDC82D225D0FB32357
Reporter @JAMESWT_MHT

Intelligence


File Origin
# of uploads :
3
# of downloads :
45
Origin country :
IT IT
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Creating a file
Creating a process from a recently created file
Creating a process with a hidden window
Modifying an executable file
Changing a file
Reading critical registry keys
Stealing user critical data
Creating a file in the mass storage device
Encrypting user's files
Infecting executable files
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Signature
Hides threads from debuggers
Machine Learning detection for sample
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Potential time zone aware malware
Tries to detect debuggers by setting the trap flag for special instructions
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Threat name:
Win32.PUA.FlyStudio
Status:
Malicious
First seen:
2020-08-02 07:32:07 UTC
AV detection:
26 of 48 (54.17%)
Threat level
  1/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops desktop.ini file(s)
Enumerates connected drives
Enumerates connected drives
Drops desktop.ini file(s)
Loads dropped DLL
Executes dropped EXE
Executes dropped EXE

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments