MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 662df407f177b9d63dc16fe5c1068d65c8e1fbe602d05a7cae1db651179b746e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 662df407f177b9d63dc16fe5c1068d65c8e1fbe602d05a7cae1db651179b746e
SHA3-384 hash: 31ea039e755e0ef35dd7bfc6c114f01148e7b393a00a7c404393699cb2cfd3109c842e86bba0632b0c5a04978a776fb5
SHA1 hash: 1fcfc6db3d051c15e043c0cec6d788a5368347b3
MD5 hash: 4aea355a977144665082077acfe9528b
humanhash: fruit-happy-saturn-seven
File name: SecuriteInfo.com.Variant.Johnnie.248518.26915.9785
File size: 172'032 bytes
First seen: 2020-05-28 10:54:51 UTC
Last seen: 2020-06-01 06:38:59 UTC
File type: Executable exe
MIME type:application/x-dosexec
imphash: 4ebb8d869b17bfd0efae6098c7975892 (1 x RedLineStealer)
ssdeep: 3072:99kesCiCZj5BzdRIv/Af8YBX5N6E8j7GGp46q4A/U8qXYcwPmdxIM9S4/MujiC+4:99kesCiCZj5BzdRIv/Af8YBX5N6E8j7z
Threatray: 343 similar samples on MalwareBazaar
TLSH: E2F39D2472C1C072D477183208F4DBB59A7DFD200BA89D9B7798177D6E206F14B36AAB
Reporter: SecuriteInfoCom

Intelligence


File Origin
# of uploads: 3
# of downloads: 69
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Downloader.Razy
Status: Malicious
First seen: 2020-05-28 02:17:42 UTC
File Type: PE (Exe)
AV detection: 17 of 31 (54.84%)
Threat level: 2/5
Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Legitimate hosting services abused for malware hosting/C2
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 662df407f177b9d63dc16fe5c1068d65c8e1fbe602d05a7cae1db651179b746e (this sample)

Delivery method: Distributed via web download
