MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 67905416ed17dc324c87f1d7a9bde197b2f651f2334f2eef554447675b7dd0c0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 67905416ed17dc324c87f1d7a9bde197b2f651f2334f2eef554447675b7dd0c0
SHA3-384 hash: 2072ec525bc4511ff6034809bae8ec499f2566d9c1064a0d845795dc20b827dcf929ee8bfbf8c2c70fd9f4d0d349a382
SHA1 hash: d605514c0d1cef5cdbd1c7bde54b23c07a58fd17
MD5 hash: 65a137d42ab4a2e88af0c517dea6550f
humanhash: october-mobile-harry-april
File name: SecuriteInfo.com.Java.Ratty.2.17626.28919
Signature: n/a
File size: 393'979 bytes
First seen: 2020-08-01 19:37:51 UTC
Last seen: 2020-08-02 07:35:47 UTC
File type: Microsoft Software Installer (MSI) msi
MIME type: application/x-msi
ssdeep: 6144:hZjgS007NNMX/+DoklCAFNWClCA+jp02GmaZ/ZJSEPavLFjt+Wq:hZNNNzbCClCA+jp02GmWhJnav5jUJ
TLSH: E884E015FF829220D667533061ADD2B27A2A8FCCD695410B29AF72595CF0E402F17FFA
Reporter: @SecuriteInfoCom

Intelligence


File Origin
# of uploads: 2
# of downloads: 44
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence
Threat name: ByteCode-JAVA.Trojan.Ratty
Status: Malicious
First seen: 2020-06-20 15:05:12 UTC
AV detection: 8 of 31 (25.81%)
Threat level: 5/5
Result
Malware family: n/a
Score: 9/10
Tags: n/a
Behaviour
Detect jar appended to MSI

Yara Signatures


Rule name: SharedStrings
Author: Katie Kleemola
Description: Internal names found in LURK0/CCTV0 samples

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Microsoft Software Installer (MSI) msi 67905416ed17dc324c87f1d7a9bde197b2f651f2334f2eef554447675b7dd0c0 (this sample)

Delivery method: Distributed via web download
