MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b113b08d25005c3195b8144e422bdd1a2f866fc3cf9d6bc641f006539e97e07. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5b113b08d25005c3195b8144e422bdd1a2f866fc3cf9d6bc641f006539e97e07
SHA3-384 hash: b13ad5a8a3564b8f1424e6a5d2fdb1fc38be24a8f39b50c044d47d74f8317ab550f78ed98fd8d1f9e38b57b6fb997b9f
SHA1 hash: 264a3030045c69ffe642d1d05f1996c9ef2caa4e
MD5 hash: 993f7bb4f9158420f2a9e3de0d7edc6c
humanhash: eleven-crazy-kansas-quiet
File name:SecuriteInfo.com.Trojan.Siggen9.52632.15461.10164
Download: download sample
File size:3'286'016 bytes
First seen:2020-06-11 15:31:53 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3bb0e4000e411b926d4df82dfa0b8db5
ssdeep 49152:HN1+VAoFjoG8VFQOgdUaQxIZGht2K5MvxgSTo7NmP1:H3+W0oZJKUQPpgtwP1
Threatray 40 similar samples on MalwareBazaar
TLSH 74E56AF27559E0FBE02EC1BB98868926C3163FA189145743FE957439ABB3D480C4377A
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/9042/
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.52632.15461.10164.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Racealer
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 00:43:33 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
1571b2ee13c7552f19b2fffc1c3f7dc63dffa8652d0cfa32136852629763018d
42a630cda5266fd03e55bb8621e6d14cf5a6b0abda2426be1a657522c1bbb3a7
484ff6267219f9eb4794c1f20aaa9562a459e0d1a787743592b1532eda3be541
610ef8befe605dd4ba3277c221c25932ffd6e1b939728da70ebd0d1b96fddaa4
8ad873e8543935a9cc12317f90676019801257de4b0845414a7df058e03d6d7f
99b9b649c59745f1544c91ffe35dad1e1529c9cb6715325c95ee396bbe3db2ab
b56f704d8baea24179931e0f4efe389e4fb6175c7fb83c49d31aac5ab1e00a03
b833d79953fe177a48a5832ce2606c41d00f0d5b9bd31ceb25d3055a3850c2f7
c158b8ed8c9a0221bfeb3dea8d026d5bb9bade9ecfd19191ada59c51c8eb4089
f0e91f423775ca9ba80077774a4de1a212e890d285bdb587b003d57ba0f68b1c
+ 30 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
evasion trojan
Link:
https://tria.ge/reports/201109-xhawfqcgc6/
Behaviour
Modifies system certificate store
Runs ping.exe
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks whether UAC is enabled
Legitimate hosting services abused for malware hosting/C2
Checks BIOS information in registry
Deletes itself
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 5b113b08d25005c3195b8144e422bdd1a2f866fc3cf9d6bc641f006539e97e07

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/382876/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/386629/
Cape
Cape
https://www.capesandbox.com/analysis/9042/

Comments