MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 64d0daf9c003b48f0f408c59a8a1fc3727daedfc05d82456cd7165447e15c105. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 64d0daf9c003b48f0f408c59a8a1fc3727daedfc05d82456cd7165447e15c105
SHA3-384 hash: 2cb4651d3eb21bd96b4c37d01b9551bde8acb3056e8aac9e590d3895631f4cf0cbf6a7744b70cbdedb4f41a913f07650
SHA1 hash: e592202c98aad02b3a70f2714bb7c287cb83a957
MD5 hash: 6612c4e8154f94e6ddab585a299c86b7
humanhash: kansas-hamper-fifteen-delta
File name:RasTls.bin
Download: download sample
File size:104'448 bytes
First seen:2020-06-10 07:17:44 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 44b8b693759315b204dbd6aba6e75c6b
ssdeep 3072:Db6ihSsgbmbRlkoNpiRjdeJVh7mvnwWiG4t:DbZSs+mPvMddeJVhaw1
Threatray 39 similar samples on MalwareBazaar
TLSH CDA3F001B451C5B2CC1281BA658CDE817B7BF140DFB9C887779A4A0B4FB57E09E2A3D6
Reporter JAMESWT_WT

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.PlugX-62
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.MintPorcupine
Create hunting rule
Status:
Malicious
First seen:
2014-07-29 23:03:00 UTC
File Type:
PE (Exe)
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
380a4e4a513f170846c9d9f1f278c1f79fa17ba3e4f0ffbefad8dc2eb87f3b50
396372108ec44e73e42fed3e3012b1604aeaa0d33b83d3b0634b2929f5d81f3f
4803cd9f78d255530bb277add77ba85e09d625edc94750fcced09f3ed438b5f7
487032be06deec0a6b50c6c0464edb67d50f9bb769ea1527969d4b67b83e8733
80cf08d2dc19a68aec5ee4eb60f728380f16eb2b434125327e58a9bb0354f83a
a5d9ec13651c51cba4591a97feecc25624d8a081cd5380187469391d321d544d
abce854dbb1be834088423c8a911d7111cd6d205b9f6b44be000652860fa03c6
ad7db1393e62d89dcb0039aa5ba64a897e88d3f6b76d146ccf419e952e57c317
c689edeb2bea45f5a7e6402ba51dc23e40e6c8b509841f60cb3d7327340b9b60
f9c6f13bb1cb6d43ad7c53db28448ea88962a71e981910cbf0586f9340a1b09a
+ 29 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-xrsjq25as2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Deletes itself
Loads dropped DLL
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments