MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 624a74c9469e95f404baebd07a8c563baa38e752d391bca5e8894dbc87186388. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 624a74c9469e95f404baebd07a8c563baa38e752d391bca5e8894dbc87186388
SHA3-384 hash: 1e1bc474f0e39997830ae99466ab5ef8405242cb24d10b11dc6abe88d2474797654b387ed3cd5c2912cd9a517118b425
SHA1 hash: 369998f82ef289b3773dcfe9904801ed6285db82
MD5 hash: 0f319e34515d4cc3c82401bc2a407175
humanhash: connecticut-california-london-two
File name:0f319e34515d4cc3c82401bc2a407175.exe
Download: download sample
File size:256'512 bytes
First seen:2021-03-22 20:20:37 UTC
Last seen:2021-04-01 03:28:11 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 6144:rVmd+ToRPnmVGcvh7Wn1recCis4ZN221KUEA/fVB9eHUw:10v0GMWnHCnWUR
Threatray 121 similar samples on MalwareBazaar
TLSH 2B44AFB8B5146CD6E67F467BCA96BCD913B637229E87E8CD80A477C30663371EE01805
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
103
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
0f319e34515d4cc3c82401bc2a407175.exe
Verdict:
No threats detected
Analysis date:
2021-03-22 20:36:42 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/2ec3bdfd-6f01-4940-ad91-7dc7a31af190

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/126284/
Detection(s):
SecuriteInfo.com.Trojan.Win32.Fuerboos.Ecl.19732.30248.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Sending a UDP request
Running batch commands
Creating a process with a hidden window
Launching a process
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Gathering data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/648640
Signature
Creates multiple autostart registry keys
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Uses cmd line tools excessively to alter registry or file data
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 373281 Sample: T22JACdQvB.exe Startdate: 22/03/2021 Architecture: WINDOWS Score: 72 62 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->62 64 Multi AV Scanner detection for submitted file 2->64 11 T22JACdQvB.exe 2->11         started        13 cmd.exe 1 2->13         started        16 cmd.exe 1 2->16         started        process3 signatures4 18 cmd.exe 1 11->18         started        78 Uses cmd line tools excessively to alter registry or file data 13->78 22 reg.exe 1 1 13->22         started        24 conhost.exe 13->24         started        26 conhost.exe 16->26         started        28 reg.exe 1 16->28         started        process5 dnsIp6 60 8.8.7.7 GOOGLEUS United States 18->60 66 Uses ping.exe to sleep 18->66 68 Uses cmd line tools excessively to alter registry or file data 18->68 70 Uses ping.exe to check the status of other devices and networks 18->70 30 T22JACdQvB.exe 18->30         started        32 conhost.exe 18->32         started        34 PING.EXE 1 18->34         started        72 Creates multiple autostart registry keys 22->72 signatures7 process8 process9 36 cmd.exe 1 30->36         started        signatures10 74 Uses ping.exe to sleep 36->74 39 T22JACdQvB.exe 1 36->39         started        42 conhost.exe 36->42         started        44 PING.EXE 1 36->44         started        process11 signatures12 76 Creates multiple autostart registry keys 39->76 46 cmd.exe 1 39->46         started        process13 signatures14 80 Uses ping.exe to sleep 46->80 49 T22JACdQvB.exe 46->49         started        52 conhost.exe 46->52         started        54 PING.EXE 1 46->54         started        process15 dnsIp16 56 35.166.81.240, 443, 49713, 49720 AMAZON-02US United States 49->56 58 192.168.2.1 unknown unknown 49->58
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/624a74c9469e95f404baebd07a8c563baa38e752d391bca5e8894dbc87186388/
Threat name:
Win64.Trojan.Injuke
Create hunting rule
Status:
Malicious
First seen:
2021-03-22 19:36:46 UTC
AV detection:
9 of 29 (31.03%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
1d25dcba3d5639e4275035eaab8f392fbd8e1c312aa3410da467e563223eef2d
26729effad95a8719e8716cb65aa5d5eb1ab255d4782f0d19471c1be963cffad
3483f717d6c9b903413aa6e1a66f771db14ff7563c4d81ec5b761f50aeea0ea2
461e6f9d0bff2b46c77cb78d2d885570b4f75a5b3b9d6ed9b01193970ccf24d1
64bb301a1ef092d05ce99b282df5d6967b01a4598c292d14608137a180ecaece
8a0fbcde56a9a817c10b0fe5ae281f75385c2a28ca271d736484e689c104e96c
abe0c08037af3a6f1ee5f815c0c58d3c61aa8c4270ed432839872d0ea758b1bc
d362c83e5a6701f9ae70c16063d743ea9fe6983d0c2b9aa2c2accf2d8ba5cb38
e6f0206d99bc279a062e055582e2c452500d7067968e9de186d7d78ed158271d
e99a54ca11fd5e27c5085c24304103a348fa2a550ea1fa934fca541551c511d6
+ 111 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/210322-9zggc57naj/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Adds Run key to start application
Unpacked files
SH256 hash:
624a74c9469e95f404baebd07a8c563baa38e752d391bca5e8894dbc87186388
MD5 hash:
0f319e34515d4cc3c82401bc2a407175
SHA1 hash:
369998f82ef289b3773dcfe9904801ed6285db82
Link:
https://www.unpac.me/results/6421fec4-5167-4261-8d5e-8af925485b5f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/624a74c9469e95f404baebd07a8c563baa38e752d391bca5e8894dbc87186388

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 624a74c9469e95f404baebd07a8c563baa38e752d391bca5e8894dbc87186388

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1084390/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1084394/
  
URLhaus
https://urlhaus.abuse.ch/url/1084396/
  
URLhaus
https://urlhaus.abuse.ch/url/1084400/
Cape
Cape
https://www.capesandbox.com/analysis/126284/
  
URLhaus
https://urlhaus.abuse.ch/url/1084699/

Comments