MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 399a07cb8e62e14926c917d66f33b1d2e441a8fc795ca26ac00514f8d96ce638. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence 5 File information Yara Comments

SHA256 hash: 399a07cb8e62e14926c917d66f33b1d2e441a8fc795ca26ac00514f8d96ce638
SHA3-384 hash: f974a668a4f3732a1e910a46b865c3ca27465838db781787ccd9ee673f92f670511ed05f8f80c70956e6ce231662b3b7
SHA1 hash: 4fd78daa5a09be4d101ab770bb1dc4d82738252f
MD5 hash: dc9e2cc98b0524c2b5abaad61fb91e58
humanhash: comet-bakerloo-burger-fanta
File name:SecuriteInfo.com.Trojan.DownLoader28.6804.6581.16065
Download: download sample
Signature n/a
File size:446'976 bytes
First seen:2020-08-01 19:32:48 UTC
Last seen:2020-08-02 07:33:55 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash bfb31c8096812c70f9f45e5c10271445
ssdeep 6144:X3FY67ilNJFDUHsUYkVNTiAMHP8PmyCFvk/wVqAXB/LpcF/xjKDeMs3H3A4pTBy:lZ2HGNTiAMHPqCc45qBH1pTc
TLSH 3194F186A683C1F5E0C286B4EDE98B7F4A285231633AD1E3D7949E11B4505E0E77D3CE
Reporter @SecuriteInfoCom

Intelligence


File Origin
# of uploads :
2
# of downloads :
19
Origin country :
FR FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
Connection attempt
Sending a UDP request
Enabling autorun by creating a file
Unauthorized injection to a system process
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Signature
Allocates memory in foreign processes
Contains VNC / remote desktop functionality (version string found)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Writes to foreign memory regions
Yara detected Keylogger Generic
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.NetWired
Status:
Malicious
First seen:
2019-05-09 21:01:27 UTC
AV detection:
27 of 31 (87.10%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Behaviour
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Suspicious use of SetThreadContext
Suspicious use of SetThreadContext
Maps connected drives based on registry
Maps connected drives based on registry
Drops startup file
Drops startup file
ServiceHost packer

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 399a07cb8e62e14926c917d66f33b1d2e441a8fc795ca26ac00514f8d96ce638

(this sample)

  
Delivery method
Distributed via web download

Comments