MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 605412b4ceaf25fc66306e96a347662161925ba372383ad39a28703d4ef65caa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 6



SHA256 hash: 605412b4ceaf25fc66306e96a347662161925ba372383ad39a28703d4ef65caa
SHA3-384 hash: 788365cf1e12dbf144c670596262ebc036ebb207894bb4a1d1d0d020ad7ee0067e5ce94a00d3ab4aafc4b76fba742742
SHA1 hash: 20a76dd11da636744f29d19207273a25ac2850af
MD5 hash: e60b189b5dfae48fa8cfa7e63acdd25a
humanhash: colorado-august-oscar-pluto
File name: NexusRAT.exe
File size: 164'352 bytes
First seen: 2021-09-11 08:48:23 UTC
Last seen: 2021-09-11 10:21:58 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 5877688b4859ffd051f6be3b8e0cd533 (119 x Babadeda, 2 x DCRat, 2 x RedLineStealer)
ssdeep: 3072:cq6+ouCpk2mpcWJ0r+QNTBfHM9SEiVQvflvBU3wp/qb7VBJI:cldk1cWQRNTBfM9SH2vfl0wBgB+
Threatray: 75 similar samples on MalwareBazaar
TLSH: T1CCF3AF01BBD2C5BEEAF14C3400BAB51E92356A245B21DAD7C7DC3C8285D2EC8767D2E5
dhash icon: c004b2b2b20001c0
Reporter: Anonymous
Tags: exe


Comment by Anonymous: Retrieved from https://transfer.sh/get/fTOu6W/NexusRAT.exe

Intelligence


File Origin

Number of uploads: 2
Number of downloads: 101
Origin country: n/a
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: NexusRAT.exe
Verdict: Suspicious activity
Analysis date: 2021-09-11 08:53:02 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Suspicious
Maliciousness:
Behaviour:
  Creating a file in the %temp% subdirectories
  Running batch commands
  Creating a process with a hidden window
  Launching a process
  Deleting a recently created file

Result
Threat name: Unknown
Detection: unknown
Classification: n/a
Score: 3 / 100
Behaviour: behavior graph (image not included in this extract)
Threat name: Win32.Trojan.Sabsik
Status: Malicious
First seen: 2021-09-11 08:49:04 UTC
AV detection: 14 of 43 (32.56%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of WriteProcessMemory
  Enumerates physical storage devices
  Looks up external IP address via web service
  Blocklisted process makes network request
Unpacked files
SHA256 hash: 605412b4ceaf25fc66306e96a347662161925ba372383ad39a28703d4ef65caa
MD5 hash: e60b189b5dfae48fa8cfa7e63acdd25a
SHA1 hash: 20a76dd11da636744f29d19207273a25ac2850af
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 605412b4ceaf25fc66306e96a347662161925ba372383ad39a28703d4ef65caa (this sample)

Delivery method: Distributed via web download

Comments