MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 54e6ea47eb04634d3e87fd7787e2136ccfbcc80ade34f246a12cf93bab527f6b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BlackTech

Vendor detections: 9

SHA256 hash: 54e6ea47eb04634d3e87fd7787e2136ccfbcc80ade34f246a12cf93bab527f6b
SHA3-384 hash: 901d2002dff5c6da794ddcbc593fc1a1c2913309e7ea74c4e5daf8d7b3f44ff2af095bf665cc6ab1c25f3b792d5198f9
SHA1 hash: 8f35a9e70dbec8f1904991773f394cd4f9a07f5e
MD5 hash: 287d612e29b71c90aa54947313810a25
humanhash: thirteen-cold-violet-ohio
File name: 54e6ea47eb04634d3e87fd7787e2136ccfbcc80ade34f246a12cf93bab527f6b.bin
Signature: BlackTech
File size: 440'320 bytes
First seen: 2021-12-30 13:36:17 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: a59ed1599cc2f8311b215c83c51a2cc4 (1 x BlackTech)
ssdeep: 6144:CdaRD0n4URr6zIKgDCVh84DLn5X3lWiDSVS1dGSLaYWis:XRonpRroIKgDCY4DLVlW3UiSL4R
Threatray: 1 similar samples on MalwareBazaar
TLSH: T13594AD933541C371CA177D7695789AAD4B3F8D3816BAB987B3B83B8F5C303918636902
Reporter: Arkbird_SOLG
Tags: BlackTech exe Flagpro

Intelligence

File Origin
# of uploads: 1
# of downloads: 342
Origin country: n/a

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: dwm.exe
Verdict: No threats detected
Analysis date: 2020-10-01 04:32:42 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:
Behaviour:
  Launching a process
  Searching for synchronization primitives
  Creating synchronization primitives
  Creating a window
  DNS request
  Searching for the window
  Sending a custom TCP request
  Creating a file in the %temp% directory
Result
Malware family: n/a
Score: 9/10
Tags: n/a
Behaviour:
  MalwareBazaar
  MeasuringTime
  SystemUptime
  CPUID_Instruction
  EvasionQueryPerformanceCounter
  EvasionGetTickCount
  CheckCmdLine
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: greyware
Result
Verdict: UNKNOWN
Details:
  Windows PE Executable
  Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 56 / 100
Signature:
  Multi AV Scanner detection for domain / URL
  Multi AV Scanner detection for submitted file
Behaviour:
  Behavior Graph ID: 546533
  Sample: P9vptBtNL1.bin
  Startdate: 30/12/2021
  Architecture: WINDOWS
  Score: 56
  Signatures: Multi AV Scanner detection for domain / URL; Multi AV Scanner detection for submitted file
  Processes started: iexplore.exe (spawning further iexplore.exe instances and 5 other processes); P9vptBtNL1.exe
  Network: 192.168.2.1 (unknown); org.misecure.com 207.148.109.242, 80, AS-CHOOPAUS, United States; gstaticadssl.l.google.com 142.250.203.99, 443, 49771, 49772, GOOGLEUS, United States; 9 other IPs or domains
Threat name: Win32.Trojan.FlagPro
Status: Malicious
First seen: 2020-10-02 01:09:00 UTC
File Type: PE (Exe)
Extracted files: 7
AV detection: 20 of 28 (71.43%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour:
  Modifies Internet Explorer settings
  Suspicious use of FindShellTrayWindow
  Suspicious use of SetWindowsHookEx
  Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: 54e6ea47eb04634d3e87fd7787e2136ccfbcc80ade34f246a12cf93bab527f6b
MD5 hash: 287d612e29b71c90aa54947313810a25
SHA1 hash: 8f35a9e70dbec8f1904991773f394cd4f9a07f5e
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments