MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 45e9959441e6e30c4c7a4dd8b3d56b88ad09d2ad253851ea79be62ec9c1c8f68. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 2



SHA256 hash: 45e9959441e6e30c4c7a4dd8b3d56b88ad09d2ad253851ea79be62ec9c1c8f68
SHA3-384 hash: c98c488bfceb1e18b5ee6ff5900813b5c90d7d5ed1fb96da3ba7291538e4aeb31c5ff2a8b2f2d12915cbfc933d272b60
SHA1 hash: f5bd61329c053d0d76b9a8f3e5df5b03aff8cf6d
MD5 hash: f72ea076e07c302ea599963ef447d009
humanhash: uncle-chicken-louisiana-cup
File name: 45e9959441e6e30c4c7a4dd8b3d56b88ad09d2ad253851ea79be62ec9c1c8f68
File size: 1'331'200 bytes
First seen: 2020-06-10 11:29:53 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 37c6c0cc4d20c311c793c6b743da8942 (2 x Kimsuky, 1 x CryptOne)
ssdeep: 24576:V+gjUXfXx69vDBDziVukBN1bZlNWq3YIKHKtf+ir:1jUPh6tBzwBNhZj3fGi
Threatray: 24 similar samples on MalwareBazaar
TLSH: 9A5533273C953C32F61C8636B1736AB896136D9BC414A70F34D7F23E763AA62B101927
Reporter: JAMESWT_WT

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Backdoor.Hakops
Status: Malicious
First seen: 2020-05-30 02:40:00 UTC
File Type: PE (Exe)
Extracted files: 22
AV detection: 34 of 48 (70.83%)
Threat level: 5/5
Result
Malware family: n/a
Score: 6/10
Tags: persistence
Behaviour
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Adds Run key to start application
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
