MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4549d36771e2a7b7425b3853a4fcd6a80a926a36df36eec0942199f9aa3d2be7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4549d36771e2a7b7425b3853a4fcd6a80a926a36df36eec0942199f9aa3d2be7
SHA3-384 hash: 0d5d5dcbebcd47838be938b3e776a0075f9139d9d32518e578218262e66c19dd229e09c2dc48cd9d245037a33d382e68
SHA1 hash: bba3c2fe8fcd9dc7087b22540e590cbd206f07ee
MD5 hash: bdaf8a45432e2fc3a8acf75588f2723e
humanhash: eight-glucose-alaska-missouri
File name:bdaf8a45432e2fc3a8acf75588f2723e
Download: download sample
File size:1'491'376 bytes
First seen:2021-06-23 23:37:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fcf1390e9ce472c7270447fc5c61a0c1 (863 x DCRat, 118 x NanoCore, 94 x njrat)
ssdeep 24576:SHLmCiIhUAIWCCu0wpDnsOzxsxhIWCCu0wpDnBPmiHwyRB4BBMvLhPX2zY:fqhCCu0wvWhCCu0wbmkqBmL1aY
Threatray 604 similar samples on MalwareBazaar
TLSH 9D65230079D5C872D5B22E3169386615683ABD202F29CF8BB7D4265CEB346D1BB347B3
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
bdaf8a45432e2fc3a8acf75588f2723e
Verdict:
Malicious activity
Analysis date:
2021-06-23 23:38:08 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/8489e238-9b76-4ba7-9053-61ff953f477c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
Win.Trojan.Darkkomet-9861273-0
Create hunting rule

SecuriteInfo.com.BackDoor.SiggenNET.5.27436.8753.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/9dc49c5d-82f2-4284-8f4c-489c762e065b
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
42 / 100
Link:
https://www.joesandbox.com/analysis/806942
Signature
Multi AV Scanner detection for dropped file
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Sample is not signed and drops a device driver
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 process2 2 Behavior Graph ID: 439354 Sample: RA8z8I3UIW Startdate: 24/06/2021 Architecture: WINDOWS Score: 42 7 RA8z8I3UIW.exe 83 2->7         started        file3 24 C:\Users\user\AppData\Local\...\Wbusy.exe, PE32 7->24 dropped 26 C:\Users\user\AppData\Local\...\KEYBRD4.SYS, FreeDOS 7->26 dropped 28 C:\Users\user\AppData\Local\...\KEYBRD3.SYS, FreeDOS 7->28 dropped 30 30 other files (2 malicious) 7->30 dropped 32 Sample is not signed and drops a device driver 7->32 11 cmd.exe 3 7->11         started        signatures4 process5 process6 13 WMIC.exe 1 11->13         started        16 Wbusy.exe 11->16         started        18 net.exe 1 11->18         started        20 3 other processes 11->20 signatures7 34 Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes) 13->34 36 Multi AV Scanner detection for dropped file 16->36 22 net1.exe 1 18->22         started        process8
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4549d36771e2a7b7425b3853a4fcd6a80a926a36df36eec0942199f9aa3d2be7/
Threat name:
Win32.Trojan.Zpevdo
Create hunting rule
Status:
Malicious
First seen:
2021-06-19 01:04:05 UTC
AV detection:
9 of 46 (19.57%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
015413a27756d532fb91bd33bc910274232efcfe170cd93794dd1ebfbac72212
060f47ff732e52dad19d6f2803617491cf640f845d828846b481184427e379a9
1202173f3ce4f49947f8e6554991a320c7a6e5faced43bec6a3bd051d13f7666
41609e0f1ff71e0b6421e8e3bfbac0307c0f5f80f9e1b3b60de547a54a80de51
4c25202298f76f1598a1e169ca435b80541e1db59c542f55e1eb8e3cbf76a419
6624ce134dd16a37d6615483002f24b74c74c55b45259bc5408b7ae804d0fe22
91a63868ca56bae97b954c0ece75ed4f66e18bf2c258a9ed5712e376bae7220c
99612e143d65598f830df1494e16eace445f0904218f3d6335f3cbd29d0378b5
a144d424d0ace63551d67ee67efe8ff6242df2b5c55d8f2494e0731f2d88f711
da58d100900745d6a15113e8b8cb5c2a3252a3c4a063ccc64fd09cc75cfb21ff
+ 594 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210623-2fgcb3rj6j/
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
aa73e81f0dc5a2bcf273608a54060dcd988c0abfef6949cdb79c5d03fedbda4c
MD5 hash:
b40293170d18a4db93921c8e87b93773
SHA1 hash:
948543d87b62be732782618fb5792dfd68e01ece
Link:
https://www.unpac.me/results/7d376030-e72b-406b-9ee8-3b90e39c8b37/
SH256 hash:
4549d36771e2a7b7425b3853a4fcd6a80a926a36df36eec0942199f9aa3d2be7
MD5 hash:
bdaf8a45432e2fc3a8acf75588f2723e
SHA1 hash:
bba3c2fe8fcd9dc7087b22540e590cbd206f07ee
Link:
https://www.unpac.me/results/7d376030-e72b-406b-9ee8-3b90e39c8b37/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4549d36771e2a7b7425b3853a4fcd6a80a926a36df36eec0942199f9aa3d2be7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 4549d36771e2a7b7425b3853a4fcd6a80a926a36df36eec0942199f9aa3d2be7

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1392913/

Comments