MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5e83f90e54bfad61111ff0ba791c63da7c5ad638d99dd66eeb1bf4994c51be9e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 7

SHA256 hash: 5e83f90e54bfad61111ff0ba791c63da7c5ad638d99dd66eeb1bf4994c51be9e
SHA3-384 hash: afeda03282060e49070f014e64997f9fdd58b76aa197ffa9054750e6aae65df4bebd5ebf4d87c8e75578b8aa9f2bdc7c
SHA1 hash: 4d89a1a815ba8e1594360a1b61d7801e55613d2b
MD5 hash: 7ba300c276aa0c750e789e5cb18e3574
humanhash: august-neptune-don-nuts
File name: TrdngAnlzr10422.exe
File size: 714'944 bytes
First seen: 2022-04-01 13:15:32 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 67b547d1d2367fd95ec40f319edbd898
ssdeep: 12288:HE+BbwyUekg1pORw4FV6CjZ3vwKz+xaLZZk0RchBXHcZ9QJ3J/1MRWL7Xz:HFBIekgLORwWV6o13xLvGBMZ9Y3Rv
Threatray: 556 similar samples on MalwareBazaar
TLSH: T10BE42325E740DB6FC03948BB8053ECB683DBFE55A6ADAF1B25487857CA3D3017C0468A
dhash icon: b6b2909a88e8f0c8 (1 x RedLineStealer)
Reporter: JAMESWT_WT
Tags: exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 198
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour
Searching for the window
Creating a window
Searching for analyzing tools
Creating synchronization primitives
DNS request
Sending a custom TCP request
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a file
Unauthorized injection to a recently created process
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: shell32.dll
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 88 / 100
Signature
Creates HTML files with .exe extension (expired dropper behavior)
Detected unpacking (changes PE section rights)
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to evade debugger and weak emulator (self modifying code)
Very long command line found
Threat name: Win32.Trojan.Jaik
Status: Malicious
First seen: 2022-04-01 08:01:28 UTC
File Type: PE (Exe)
Extracted files: 34
AV detection: 12 of 26 (46.15%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Loads dropped DLL
Executes dropped EXE
Unpacked files
SHA256 hash: e3eb17ad25ee72d5958098dff7ca54c87af31a8f581924b5bf9478eefd5e60f0
MD5 hash: 4826719ebfce3aa3fde3927b18a8619a
SHA1 hash: 749997dbb75699eebef0eea881087b9b728e19f1
SHA256 hash: 5e83f90e54bfad61111ff0ba791c63da7c5ad638d99dd66eeb1bf4994c51be9e
MD5 hash: 7ba300c276aa0c750e789e5cb18e3574
SHA1 hash: 4d89a1a815ba8e1594360a1b61d7801e55613d2b
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Executable exe 5e83f90e54bfad61111ff0ba791c63da7c5ad638d99dd66eeb1bf4994c51be9e (this sample)

Delivery method: Distributed via web download

Comments