MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f795e0508baf7d7b28241e4309efdb5be43b54a07b12627051eec889f52cd00. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4f795e0508baf7d7b28241e4309efdb5be43b54a07b12627051eec889f52cd00
SHA3-384 hash: 6bc6d85aea1de7dd3af8df1ce3a49e879df36becc0961b3d3c8bdc7b23885c2814b9c2d06cbded647190cc232e7eb3e8
SHA1 hash: 3a6515d7926ce86eff10e23aef544a2a30dfa376
MD5 hash: badbc47fcd3b4234fd4014394c92fdcb
humanhash: zulu-kitten-quebec-magazine
File name:8d963fd7b0ce3244b180711c90d88162
Download: download sample
File size:2'833'408 bytes
First seen:2020-11-17 12:34:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 2eabe9054cad5152567f0699947a2c5b (2'852 x LummaStealer, 1'312 x Stealc, 1'026 x Healer)
ssdeep 49152:2sX7cMUryefpbqDgphejKwAsPyMZnWBEZUzbNL3Mhg2aC3w0iEp:2glUrXfpUpjKKyVCZUHd3Nu7iA
Threatray 20 similar samples on MalwareBazaar
TLSH 64D5335A26A2EE13C64527704498C7B807E6EE982C77C7077AE7BD7F7A3C78418911C2
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
55
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for analyzing tools
Searching for the window
Creating a window
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4f795e0508baf7d7b28241e4309efdb5be43b54a07b12627051eec889f52cd00/
Threat name:
Win32.Packed.Themida
Create hunting rule
Status:
Malicious
First seen:
2020-11-17 12:38:05 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  1/5
Verdict:
unknown
Similar samples:
14cccfdfec5ad5bb0a8c12e1c07c2dc92a21c3171b5bdc1ed026bad21611d0b7
36192aaa605b98f67d88d3712e5eb7ddd8e229766bbae3b2efebdb98f19662ea
450224b458d5d44cbaf62d95e18face27de776ed227ba0f7dc7e12bd07f64c9b
4d9b89978e6ca9cf14cb1f04859e01e66c1e0dbefedd1663617647535c0b3fa0
6005ff1373b7a3600ad4b5700b4d9b6c13827015a97fea1b030189655bd8e986
7c3c41d8da242f6ae707daaf842c0c0afb4ff541e3b009c62e51bc7d93eca86b
aaa3af0c4ffbb7bd8c5941dbf22c9ab92e83cbc6b680696d6ac208ad4d8e63ab
b9c037384eaa82706baf7c3cd5e1550fe9ad24083edeb00e55d9da8198ea6ee3
e9cced0b9ebefdba76a527b00dcb635a37ea0274f5b8038e9eec809bf2a500e0
f8915227c25c5ac552d66f3708f615cd517363953829d3715f38666d7dfa9770
+ 10 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
evasion
Link:
https://tria.ge/reports/201117-yp34tkl3cn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks BIOS information in registry
Identifies Wine through registry keys
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Unpacked files
SH256 hash:
4f795e0508baf7d7b28241e4309efdb5be43b54a07b12627051eec889f52cd00
MD5 hash:
badbc47fcd3b4234fd4014394c92fdcb
SHA1 hash:
3a6515d7926ce86eff10e23aef544a2a30dfa376
Link:
https://www.unpac.me/results/ecd9dbc3-aa2a-4330-9609-eb2803582551/
SH256 hash:
28e01078ef75b5d766bd55d1fe214305e9e6e826a22aa5af2b6d90568cd4ea1e
MD5 hash:
e5dc8d89b3cfa247f90e94a1c619df32
SHA1 hash:
cab254f3107bfd34851872a97ba51d059871d87c
Link:
https://www.unpac.me/results/ecd9dbc3-aa2a-4330-9609-eb2803582551/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments