MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 52e5077f573fa1bad88627d62d9609ca40b463f3a3762209da7f65ae43bc8582. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 52e5077f573fa1bad88627d62d9609ca40b463f3a3762209da7f65ae43bc8582
SHA3-384 hash: 4468b4c4ac4a50dfcbb23f71c54cec12ecb0f633c70ec2b81ea5acd68c3ecaf9621ca6bc663711fd2e4b1a3205716e7f
SHA1 hash: 1709a8ff258a798a438a020ffd8c241c554f1b04
MD5 hash: ccdd0bbabd8a9f83a331b479dafeed98
humanhash: romeo-sweet-nevada-music
File name:SecuriteInfo.com.Variant.Razy.745659.26937.22704
Download: download sample
File size:5'246'976 bytes
First seen:2020-09-02 18:18:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5b0d2c8a351c6d461ad97a49997cf8ba
ssdeep 98304:Pxf9Xk+h0qYH0esm4krxnxWdr4bWYBzofKQceBOcbhyjdf3:P7Xk+Csm4khYr4yZfllBOcbhs3
TLSH 4D363322B5EA9530F4B22632537567009ABFBDB15D368DEA7F880E1D27781C0E378716
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.Variant.Razy.745659.26937.22704.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a process with a hidden window
DNS request
Sending a custom TCP request
Creating a file in the %temp% subdirectories
Creating a service
Loading a system driver
Sending an HTTP POST request
Sending an HTTP GET request
Creating a file in the system32 subdirectories
Replacing system files
Connection attempt
Enabling autorun for a service
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/457793
Signature
Antivirus detection for dropped file
Detected unpacking (creates a PE file in dynamic memory)
Machine Learning detection for dropped file
May check the online IP address of the machine
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sample is not signed and drops a device driver
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/52e5077f573fa1bad88627d62d9609ca40b463f3a3762209da7f65ae43bc8582/
Threat name:
Win32.Trojan.CryptInject
Create hunting rule
Status:
Malicious
First seen:
2020-09-01 20:59:04 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Verdict:
suspicious
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/200902-dkq7vtlbkj/
Behaviour
Modifies system certificate store
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Modifies service
Modifies service
Legitimate hosting services abused for malware hosting/C2
Legitimate hosting services abused for malware hosting/C2
Sets service image path in registry
Sets service image path in registry
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Cryptor
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/52e5077f573fa1bad88627d62d9609ca40b463f3a3762209da7f65ae43bc8582

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 52e5077f573fa1bad88627d62d9609ca40b463f3a3762209da7f65ae43bc8582

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/451636/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/54472/

Comments