MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 67d53f916dfaa58825da5c4141cbb338b286aab1de054bd46c0c1f989519491f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 67d53f916dfaa58825da5c4141cbb338b286aab1de054bd46c0c1f989519491f
SHA3-384 hash: 5c78fe0fdf9a822c4b12fe58b069f54e52e1f54ee1096e6c2110b799ea5139c335c14d6481c1d66a26d5df0cf488bc68
SHA1 hash: 6411bb27df4b77a8bfc7534c2349f18b81f2c7af
MD5 hash: 8f8d710c0c50497680610b9fbe572980
humanhash: oranges-twenty-johnny-eleven
File name:SecuriteInfo.com.Trojan.GenericKD.34307115.19863.11985
Download: download sample
File size:722'944 bytes
First seen:2020-08-11 19:19:00 UTC
Last seen:2020-08-11 19:37:45 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6ed4f5f04d62b18d96b26d6db7c18840 (225 x SalatStealer, 78 x BitRAT, 42 x RedLineStealer)
ssdeep 12288:xAx1HbQRy6GftfBheI9VPm2fiN8WggmIFCsEjlUe1ddn59AgQ2jiVH+quod:xAvcRyvFfB48VPnKN8FgZ4v1xn599XGL
Threatray 47 similar samples on MalwareBazaar
TLSH DDF4333643B4E272F7601A3B560F2D2112CBA98B1D3CCBBE5F5A4171383B95E71D9889
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
2
# of downloads :
56
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/43728/
Detection(s):
PUA.Win.Packer.Upolyx-12
Create hunting rule

PUA.Win.Packer.Upx-6
Create hunting rule

PUA.Win.Packer.Upx-4
Create hunting rule

SecuriteInfo.com.Trojan.GenericKD.34307115.19863.11985.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/420203
Signature
Machine Learning detection for sample
Potential time zone aware malware
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/67d53f916dfaa58825da5c4141cbb338b286aab1de054bd46c0c1f989519491f/
Threat name:
Win32.Trojan.RanumBot
Create hunting rule
Status:
Malicious
First seen:
2020-08-07 15:38:37 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
32640c3a14f6feca788c15675729b6233f2469be4ef0a238b0be76557492e3e3
5851f851fd3f4818e16bcf8ac00b723f43d2efd4b2d1acd3c506a8d32f8de14b
5e627b14e776856c2904f622b43da929fbc41c1d0b753cd0f98913d8eeaf3544
629a413c87fe43667f39e89ec6314ec471bea166444c050375b6b56e1c00907b
8453b8c2d323f6a67f213a69dab577abec447468f002f90ca30afd2d81f92e0c
8e0aea169927ae791dbafe063a567485d33154198cd539ee7efcd81a734ea325
998d7e8ad93c6fd33a3e0e3db9352132fc1d0d2aa249c3479ac152c25a29f7c5
a53bb75361e9ea43ce146e90b3a9b99ce11f2853ab1aefa0d86c1cae9d54b93c
cb1ffa5cd81d50702ee7296cd788a66fa8d5aa422e5cb4cdaca5a2ea4322141f
ed65d62376f71cd4ee0dfd8f1f9b43787de42dd85da310ab8b4e90abef7681a0
+ 37 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/200811-6bhz1lravx/
Behaviour
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/67d53f916dfaa58825da5c4141cbb338b286aab1de054bd46c0c1f989519491f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:suspicious_packer_section
Create hunting rule
Author:@j0sm1
Description:The packer/protector section names/keywords
Reference:http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 67d53f916dfaa58825da5c4141cbb338b286aab1de054bd46c0c1f989519491f

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/43728/
  
URLhaus
https://urlhaus.abuse.ch/url/429528/
  
Delivery method
Distributed via web download

Comments