MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a7a38302fddb6caa7d4c380fb14cda9c57bdd2f1b7c97fb88d155fab76d63df. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4a7a38302fddb6caa7d4c380fb14cda9c57bdd2f1b7c97fb88d155fab76d63df
SHA3-384 hash: a71f4050a15928d86145ac1d75f27fa72650e351e3e1565dfe26f1b2bd9af0eca9196691a7558c78fd7ef54d785d89bb
SHA1 hash: 9752f3265efcfa1c9bdd12875cbf9794d33c9ea4
MD5 hash: ce5e901fe35f98407ed9dbecc53f2069
humanhash: queen-robin-five-mockingbird
File name:SecuriteInfo.com.BehavesLike.Win32.Generic.wc.23279
Download: download sample
File size:4'083'712 bytes
First seen:2020-05-14 18:37:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f2b20c2b9eed08cfe5b3d0c983afb3d2 (1 x Glupteba, 1 x ArkeiStealer, 1 x RaccoonStealer)
ssdeep 98304:mPld14mqsbTc5xYdGOB7P/ZHBwJskFEeR0BgWG/0:eimqsvc5xSTrZOJsVeRh
Threatray 41 similar samples on MalwareBazaar
TLSH B716330D37EF2670D66A4E70097EF6A53D0ABA518C29E1FA52804E6F1E611F44D233DE
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.wc.23279.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-14 16:10:11 UTC
File Type:
PE (Exe)
Extracted files:
70
AV detection:
28 of 31 (90.32%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
37c78d45542b2109dcf160591e570469946ffcdfb5042cede4671eef5543c5c9
5851f851fd3f4818e16bcf8ac00b723f43d2efd4b2d1acd3c506a8d32f8de14b
6d5eaba61ad880a2fe44a32368a9af62d1165a367c9f08949df9637c05a11f3f
86fce58f93e4087e261c52befbb872ddafeb8129008d5153c90084cd4a4a45d0
9f0c58f568c713eb2a7fc4836806a3e70bcdb41d05bfc75a1f815c64d856afde
b1ed7bb07b8e8086daf08820e00d383fba1ba39a6ec2cc02a08d1868eb68c20f
b7db5b70b15ebac71e0aa8d7cb4e5f663171721b03157644cc2880a38337048a
c006abbb1bae333e5973f9c419bfd9c3c721698cf2cf3ffbd1048fdfb4de811b
cb1ffa5cd81d50702ee7296cd788a66fa8d5aa422e5cb4cdaca5a2ea4322141f
cd689e05263e010dd9c23607c7d8dee3e4d5c536232e8db22e9221bfbfe834ff
+ 31 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
discovery evasion persistence trojan
Link:
https://tria.ge/reports/201109-fmg45g3wbj/
Behaviour
Creates scheduled task(s)
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Modifies service
Adds Run key to start application
Checks installed software on the system
JavaScript code in executable
Loads dropped DLL
Windows security modification
Executes dropped EXE
Modifies Windows Firewall
Windows security bypass
Suspicious use of NtCreateUserProcessOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 4a7a38302fddb6caa7d4c380fb14cda9c57bdd2f1b7c97fb88d155fab76d63df

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/362655/
  
Delivery method
Distributed via web download

Comments