MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5ddd5f7273a57057d3b0ca1f45afd5acb29adb29c304383e34bed3c0ca6e187a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5ddd5f7273a57057d3b0ca1f45afd5acb29adb29c304383e34bed3c0ca6e187a
SHA3-384 hash: bafbfc01aaee9ea9e127aa636f4c8df09a0a97d81f1add53f719aea733fa6ed7b51a91a64b8917fadd4ceb8bee4f3090
SHA1 hash: 939704724a254ad1c95ce389def474d7ed7c62f2
MD5 hash: cda50506fc8222349a4075117a896310
humanhash: helium-charlie-bulldog-hotel
File name:cda50506fc8222349a4075117a896310.exe
Download: download sample
File size:658'624 bytes
First seen:2021-01-05 09:05:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f30226d320a41698c71e7b23b3acc4af (2 x ModiLoader, 1 x Loki)
ssdeep 12288:XZONNBHxOE9p3ft+AAO2Nqir4JKKLgs9T2H1M7yD/KT:JqNB/9pvEAAlLrSKKEs9K1M7UE
Threatray 28 similar samples on MalwareBazaar
TLSH 22E49EE2B2AD4437D163DA3C4D0BD5A85C2ABF2C3F28944E2BE43F4D5B396913D26152
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
96
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file2.exe
Verdict:
No threats detected
Analysis date:
2021-01-05 01:33:58 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ed2059a6-8c53-4d47-9542-bed20b027dce

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/110532/
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Fareit-FZO6FA79C4362C5.18442.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
DNS request
Connection attempt
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/574007
Signature
Contains functionality to detect sleep reduction / modifications
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5ddd5f7273a57057d3b0ca1f45afd5acb29adb29c304383e34bed3c0ca6e187a/
Threat name:
Win32.Trojan.Caynamer
Create hunting rule
Status:
Malicious
First seen:
2021-01-04 09:34:39 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
21c88bab09fd103fd1479524503789677b0a7822eb10468c20b4fba58a952490
35b67e1c875487d5d0f15b03a1fd37cfe1396d13ff47440ef7f18402f1b7131e
383d80ef71e1bd484b6838e3c89eebca3bea49ef0648d3a79564c87aa6ddc00f
46520e8955eff183518aa7ad908eff5e9d0c7094be0d9821f037a11a25ff4b3e
6eddee04fd3f715201359b14b2ac4c017b5c68d3059ce8cd306761fc4ee754fe
73875abb9bb12e00127a2524fb8cdf040f205752ecf370068435d5fc0231e4d0
a6c3e40fcbe7e8672cbaaec87bcca2246f2858235f10e66106463c7b5b4c6620
a80553f1c2dcc35c48adf765bbb4f695d9d3c47d57ab0e47e4e8118588466731
b650350fb7bdd840c9cc16502e902983d7fb5faf00ed6f60ef8439a6ccd4e33c
dca7a22ab693c8d59845bce5de96d728d328b30174c9109e212f88447591f977
+ 18 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210105-p82g5v9sjx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
5ddd5f7273a57057d3b0ca1f45afd5acb29adb29c304383e34bed3c0ca6e187a
MD5 hash:
cda50506fc8222349a4075117a896310
SHA1 hash:
939704724a254ad1c95ce389def474d7ed7c62f2
Link:
https://www.unpac.me/results/81d10ef5-625f-47f2-b64c-c4434111897e/
SH256 hash:
f9e0012852e0a96f0a7e1802bf7cd9ad62cab4764fb6d48ec257e6e56f561542
MD5 hash:
e97ba7b71086469b15fc2b32aedec053
SHA1 hash:
8f4b2c2fcf7019ec909451aa605783009f17280f
Link:
https://www.unpac.me/results/81d10ef5-625f-47f2-b64c-c4434111897e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Tinba
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5ddd5f7273a57057d3b0ca1f45afd5acb29adb29c304383e34bed3c0ca6e187a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 5ddd5f7273a57057d3b0ca1f45afd5acb29adb29c304383e34bed3c0ca6e187a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/948953/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/110532/

Comments