MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f6adcdc4b4d6b876c33b57ed612ca3707c49eb8b56d0b325ec79c6f0616c107. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	5f6adcdc4b4d6b876c33b57ed612ca3707c49eb8b56d0b325ec79c6f0616c107
SHA3-384 hash:	f2d9d8d7b16fafed3e3bf87ef2f75fdb177234b32dd6ade75e1a9e031867f946b704dd6a9c8b6bca088bb83992d4ede3
SHA1 hash:	52921590292a7a0541ef9052e440a786efc4d165
MD5 hash:	04f5b69147aef1a04e7b23394f0ad851
humanhash:	three-pasta-alpha-romeo
File name:	SecuriteInfo.com.Mal.Generic-S.16388.24239
Download:	download sample
File size:	862'720 bytes
First seen:	2020-03-28 11:00:39 UTC
Last seen:	2020-05-06 17:16:19 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	8ee830f44a3c55993c208ba5f67c623c
ssdeep	24576:xLox5v6ynkPL2gQ5B2FVosqzIo/yYrYCY:5kvhkSgOBMosrsyYrYCY
Threatray	9 similar samples on MalwareBazaar
TLSH	BA054B17E2A310FCC66BC17087ABA772B931F4191234BDBE9694CB317E11D60976E728
Reporter	SecuriteInfoCom

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Mal.Generic-S.16388.24239.UNOFFICIAL

Gathering data

Threat name:

Win64.Trojan.Kapers

Status:

Malicious

First seen:

2020-03-27 01:15:00 UTC

AV detection:

20 of 31 (64.52%)

Threat level:

2/5

Verdict:

unknown

5355c506c4e860b1c35c4eade8e462ccea8b4da1ff5dfc2bd70437176a9217b5

87e69df644cf7fa95ced9c33e3fcd4a88356baea18ac20c2aac042d223d7c4b8

8a80a763b2921dfeeeec8a9c75b06af7b37f4281541f959e6229b835b46f1185

9b7aafdd3549d2f40208d8cbf57b3763d033bfe15a31541a3ca7329e7c2d61d6

a57337366ce7dc7b059633a944b048c25457841f2916573062973003793a0b0c

b4bbfec518b34f417680149af477857ce1a27aa23eaceb4eb99d62230e376ba9

ebd0a53672107762483efcef26bcca3f35bc148136c2424083aae6273165868c

ed84a7185bd3decfe9104fa3f6dad24bb0a0ff27a1a792a05ef0f2b010bf7b9b

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 5f6adcdc4b4d6b876c33b57ed612ca3707c49eb8b56d0b325ec79c6f0616c107

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/331299/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/358910/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
DP_API	Uses DP API	CRYPT32.dll::CryptUnprotectData
WIN32_PROCESS_API	Can Create Process and Threads	KERNEL32.dll::CloseHandle
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryA KERNEL32.dll::LoadLibraryW KERNEL32.dll::GetSystemInfo KERNEL32.dll::GetDiskFreeSpaceA KERNEL32.dll::GetDiskFreeSpaceW
WIN_BASE_IO_API	Can Create Files	KERNEL32.dll::CopyFileA KERNEL32.dll::CreateDirectoryA KERNEL32.dll::CreateFileA KERNEL32.dll::CreateFileMappingA KERNEL32.dll::CreateFileMappingW KERNEL32.dll::CreateFileW
WIN_SOCK_API	Uses Network to send and receive data	WS2_32.dll::closesocket WS2_32.dll::connect WS2_32.dll::gethostbyname WS2_32.dll::htons WS2_32.dll::inet_addr WS2_32.dll::inet_ntoa

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample