MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 557caa9cc31a834b807583b61c2b81a001962cd85419616c0f297d0c84b29d21. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments

SHA256 hash: 557caa9cc31a834b807583b61c2b81a001962cd85419616c0f297d0c84b29d21
SHA3-384 hash: 8bfbd0304fefa3e3cef647366f008968bdd2b343238b7933107a31b237e5d9dd6700ae9c8c57f28d60a687464ea04f74
SHA1 hash: 551751a4e05ddc9fb3fc3989d50032c15b99caf9
MD5 hash: e5fd705d3e71f8305fa11e8d1cd2984e
humanhash: autumn-summer-cat-texas
File name:loader.exe
Download: download sample
Signature n/a
File size:9'042'944 bytes
First seen:2022-08-06 02:26:16 UTC
Last seen:2022-08-06 02:54:11 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 15fd01fb7e6ca57c8d5b667e1bfac6f6
ssdeep 196608:Vs1m7bBPEAUdZzfjBDZ9AU84V0zFyWv6AJ5ypqetZ9j1:VWmh1YPBDZ9AnFCyNIfj1
Threatray 245 similar samples on MalwareBazaar
TLSH T1A39623EFA1103768C01EC4345823BD49B1F6962E1EF88A6AB5DF7AC06F6E811D542F47
TrID 45.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
18.3% (.EXE) OS/2 Executable (generic) (2029/13)
18.0% (.EXE) Generic Win/DOS Executable (2002/3)
18.0% (.EXE) DOS Executable Generic (2000/1)
Reporter Anonymous
Tags:exe

Intelligence


File Origin
# of uploads :
2
# of downloads :
321
Origin country :
RS RS
Mail intelligence
No data
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
loader.exe
Verdict:
No threats detected
Analysis date:
2022-08-06 02:32:40 UTC
Tags:
n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Behaviour
MalwareBazaar
AntidebugCommonApi
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
76 / 100
Signature
Hides threads from debuggers
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file contains section with special chars
Tries to detect debuggers (CloseHandle check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Tries to evade analysis by execution special instruction (VM detection)
Behaviour
Behavior Graph:
Threat name:
Win64.Trojan.Phonzy
Status:
Malicious
First seen:
2022-07-30 06:52:48 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
18 of 39 (46.15%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Program crash
Suspicious use of NtSetInformationThreadHideFromDebugger
Unpacked files
SH256 hash:
557caa9cc31a834b807583b61c2b81a001962cd85419616c0f297d0c84b29d21
MD5 hash:
e5fd705d3e71f8305fa11e8d1cd2984e
SHA1 hash:
551751a4e05ddc9fb3fc3989d50032c15b99caf9

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments