MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5837a7832672ac0677622937160294332e38522be0f65182e892a9dd4ea32483. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Poison
Vendor detections: 4

SHA256 hash: 5837a7832672ac0677622937160294332e38522be0f65182e892a9dd4ea32483
SHA3-384 hash: 02ccf879eb9016f5822ee74afde9e4ee07a6a10cc40753aac4f6c17d1b1be5439a9b99031b625246e8ce1bc62bf09f0e
SHA1 hash: da82db7dc68532030290a3515cbb72c74f365645
MD5 hash: 1633821aaabcc7be05d1b46e7352e266
humanhash: quebec-red-oxygen-fillet
File name: 5b04bfd2b39dbfc9cd7e0cb59baab4dc
Signature: Poison
File size: 1'155'072 bytes
First seen: 2020-11-17 11:23:53 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 03795b2014b56fa16b8afb9f49125cb0 (1 x Poison)
ssdeep: 24576:2ISEFfQ8EUAdsgnJvvN9kYixy+QBabyYOOdjsEfVOELr7/:2/nNvvNFiZQB6tdjjNOQr
TLSH: A335AE12B593C0F6D638187118B62B3AAA7596450A35EFC7E39CCE6C2C32651EF3721D
Reporter: seifreed

Intelligence

File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence

Result 1
Verdict: Malware
Maliciousness:
Behaviour:
- DNS request
- Creating a file in the Windows directory
- Sending an HTTP GET request
- Deleting a recently created file
- Creating a process from a recently created file
- Creating a window
- Launching a process
- Sending a UDP request
- Connection attempt

Result 2
Verdict: 0
Threat name: Win32.Backdoor.Poison
Status: Malicious
First seen: 2020-11-17 11:24:23 UTC
AV detection: 25 of 29 (86.21%)
Threat level: 5/5
Verdict: malicious

Result 3
Malware family: n/a
Score: 4/10
Tags: n/a
Behaviour:
- Suspicious behavior: EnumeratesProcesses
- Drops file in Windows directory

Unpacked files
File 1
SHA256 hash: 5837a7832672ac0677622937160294332e38522be0f65182e892a9dd4ea32483
MD5 hash: 1633821aaabcc7be05d1b46e7352e266
SHA1 hash: da82db7dc68532030290a3515cbb72c74f365645
File 2
SHA256 hash: 8c60c7fae98390f6c5a42e71c144ce21b6e2d3a82928d42858241eeeb2af370d
MD5 hash: 7285ce533a9de0997d9eda112d4958eb
SHA1 hash: 3f7cc7a0c83c249fff3914a157f3bc4aaca317cc
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Other