MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 66fec3cb320e4c0e2ac1dde740bc27c8a4b2b1a81b6ae77951e66ec032461e31. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 3
| SHA256 hash: | 66fec3cb320e4c0e2ac1dde740bc27c8a4b2b1a81b6ae77951e66ec032461e31 |
|---|---|
| SHA3-384 hash: | f80d6c700fa618d4a97523614646961c8a5ec55a46def7259b68c772ad85ffa541ece1fdcc97e2b3a9be85293534ad5e |
| SHA1 hash: | 7a56f4d97cfd82ede23107e33a03fff376ee8ffb |
| MD5 hash: | 613b0f906cd82ff7c1423b5eca1f0922 |
| humanhash: | video-seven-timing-fanta |
| File name: | SecuriteInfo.com.BehavesLike.Win32.Backdoor.dm.23583 |
| Download: | download sample |
| File size: | 958'282 bytes |
| First seen: | 2020-04-14 08:45:14 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 027ea80e8125c6dda271246922d4c3b0 (10 x njrat, 7 x DCRat, 5 x DarkComet) |
| ssdeep | 12288:Thxp3lZnT9bDLKOF3e7QfVugumByysTEpwjsYO05+m9q2:TJlh9bDLnF+GyysqwQsYqq2 |
| Threatray | 290 similar samples on MalwareBazaar |
| TLSH | F015F14176CD94B2EE361D3E0928AA7169BC3C604DA4F77FEB843F2D99B008055E5B63 |
| Reporter |  SecuriteInfoCom |
Intelligence
File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Gathering data
Threat name:
Win32.Trojan.Casdet
Status:
Malicious
First seen:
2020-04-13 11:39:55 UTC
File Type:
PE (Exe)
Extracted files:
15
AV detection:
19 of 31 (61.29%)
Threat level:
2/5
Verdict:
malicious
Similar samples:
+ 280 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
exe 66fec3cb320e4c0e2ac1dde740bc27c8a4b2b1a81b6ae77951e66ec032461e31
(this sample)
Delivery method
Distributed via web download
BLint
The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.
Findings
| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high |
Reviews
| ID | Capabilities | Evidence |
|---|---|---|
| WIN32_PROCESS_API | Can Create Process and Threads | KERNEL32.dll::CloseHandle KERNEL32.dll::CreateThread |
| WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryW KERNEL32.dll::LoadLibraryExA KERNEL32.dll::LoadLibraryExW KERNEL32.dll::GetSystemInfo KERNEL32.dll::GetStartupInfoW |
| WIN_BASE_EXEC_API | Can Execute other programs | KERNEL32.dll::AllocConsole KERNEL32.dll::AttachConsole KERNEL32.dll::WriteConsoleW KERNEL32.dll::FreeConsole KERNEL32.dll::SetStdHandle KERNEL32.dll::GetConsoleCP KERNEL32.dll::GetConsoleMode |
| WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::CreateDirectoryW KERNEL32.dll::CreateHardLinkW KERNEL32.dll::CreateFileW KERNEL32.dll::CreateFileMappingW KERNEL32.dll::DeleteFileW KERNEL32.dll::MoveFileW KERNEL32.dll::MoveFileExW |
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.