MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 68159707b394afa650d5c1027b91f0a55cf66ca03d6555f8158d9ad6eb7af19e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 2



SHA256 hash: 68159707b394afa650d5c1027b91f0a55cf66ca03d6555f8158d9ad6eb7af19e
SHA3-384 hash: 8f88fe7d3ef9e1bbc557fee44e75107b3e4bf2cd6fe1153d5296a75bf4ed428ef0b6231c6552c21be5e0f6d1e029a156
SHA1 hash: c91e4169e60ca6f43d8cca7e423c18c51ccebf03
MD5 hash: 784ca31534e4845663fe4378a50388ad
humanhash: seventeen-wolfram-moon-colorado
File name: 7b384c55c9a3b2b3a2f893b61e6e57fe
File size: 1'687'552 bytes
First seen: 2020-11-17 12:43:14 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: b33855e26b8666f690e874d7e081a9fd
ssdeep: 24576:TdxCwrdvB2XOoDzgXHRXvF7o9Vib2Vn0M62fi12+QT10kfpGVH41WVpPeiRKyvT:TvBYn0hpoe+n0wiW0kRl1WJKyv
TLSH: B775125D727054D1E8B8363398DF753A06337F3996A52D4E22C8BE1A78623B4DD0F922
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 52
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Threat name: Win32.Spyware.BitWall
Status: Malicious
First seen: 2020-11-17 12:46:04 UTC
AV detection: 21 of 28 (75.00%)
Threat level: 2/5
Verdict: unknown
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SHA256 hash: 68159707b394afa650d5c1027b91f0a55cf66ca03d6555f8158d9ad6eb7af19e
MD5 hash: 784ca31534e4845663fe4378a50388ad
SHA1 hash: c91e4169e60ca6f43d8cca7e423c18c51ccebf03

SHA256 hash: d4ceb06be0414d28165561e9d7a8d746d47181749afec650ac9e7cf89809184a
MD5 hash: 9d88f930c52cebc9e2c005c2d297e854
SHA1 hash: d8bb757559621c8ee09699fd6e527ac255bf958f

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other

Comments