MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62609aac613627ef79c08360049cdc59584d71d8e662f890dedbe4318da8beb5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 62609aac613627ef79c08360049cdc59584d71d8e662f890dedbe4318da8beb5
SHA3-384 hash: ad0f83a914fc3189bd038312bddf8470df8e160fb4d9213b344a37a9826fcd8ec87d33c98c05344eed1d002c7bd232df
SHA1 hash: bb5e983c0e1cc2bdc744c9885b3363b159852a17
MD5 hash: ac04a63fbb825a36735b5186cf806c8d
humanhash: papa-five-friend-zebra
File name:ac04a63fbb825a36735b5186cf806c8d
Download: download sample
File size:4'905'131 bytes
First seen:2021-06-24 07:49:55 UTC
Last seen:2021-06-24 09:02:35 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 87bed5a7cba00c7e1f4015f1bdae2183 (3'034 x Jadtre, 23 x IcedID, 17 x Blackmoon)
ssdeep 98304:Mv1LpS/BuTR0+L5qPN3lAqL5rlWWtPMsXLp4yvwlkb9dFiFrntuQW3n:MZpS/wTC+LANNmWi6N3YA9dsZntuQg
Threatray 2'118 similar samples on MalwareBazaar
TLSH 5C3623E2E39A9461CB471C725E213D4F87CDE2AAAD3883FC5E5609CA51D4744B48EFC8
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
ac04a63fbb825a36735b5186cf806c8d
Verdict:
No threats detected
Analysis date:
2021-06-24 07:52:28 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/042b76dd-d015-4766-8380-1fecc7b0dfe5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/167878/
Detection(s):
SecuriteInfo.com.Variant.Zusy.386268.17436.3943.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/099007c8-ad1a-445b-bdd6-72f27b8ffa27
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/807238
Signature
Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/62609aac613627ef79c08360049cdc59584d71d8e662f890dedbe4318da8beb5/
Threat name:
Win32.Trojan.Caynamer
Create hunting rule
Status:
Malicious
First seen:
2021-06-24 07:50:25 UTC
AV detection:
23 of 46 (50.00%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
09dc7dc14936ed8794d78cdb6eddc7f3776cba90b3942c2fa1ff7bdf329956cc
173240b443fdb5cc7ed97cf6eedeb0d823924df3dab6d468c9da2898443f3ac6
2fbf6c5454bb88073ecbc13b293375ec58a9f8636c188881ffd7a3573f3c1cac
43fd44a53e16097ae8b813e48be98cddfce369cd515efa1383fd0ea0b5a4c0bc
50575798954fd5dff1f376d1597a3d0ff52f51789c5ae98b48957590b540bcce
69fac4fe77b6da550498724f01e6db66d5c18a19c185d824bf62afdaccb0a7d6
8f71fca5621ccb7ba3558cfebc17014d27923d1c73ad97ececb577fd5b937047
8fa3eaa46c7d8d1f44a2eeca895f802f2aa7a2251bab347ccb765c72d63ccb58
d20393005bd47dc79acbf72c5f032a208c33aebb7f76f7bf01b69218161a1232
d81e62102d9b748aaabf4f06bf0c09a66dfaaac7836374016a5f076b6f7ed418
+ 2'108 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/210624-xar3yt5v3a/
Behaviour
NTFS ADS
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Unpacked files
SH256 hash:
62609aac613627ef79c08360049cdc59584d71d8e662f890dedbe4318da8beb5
MD5 hash:
ac04a63fbb825a36735b5186cf806c8d
SHA1 hash:
bb5e983c0e1cc2bdc744c9885b3363b159852a17
Link:
https://www.unpac.me/results/2e163b1b-da2f-483f-8c42-34e66b112a60/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.54
Link:
https://yomi.yoroi.company/submissions/62609aac613627ef79c08360049cdc59584d71d8e662f890dedbe4318da8beb5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 62609aac613627ef79c08360049cdc59584d71d8e662f890dedbe4318da8beb5

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/167878/
  
URLhaus
https://urlhaus.abuse.ch/url/1393986/

Comments