MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6958cc20b390a826778c286a41e3601cbae129d26d4bd2e50b350ba2c336aa5f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 6958cc20b390a826778c286a41e3601cbae129d26d4bd2e50b350ba2c336aa5f
SHA3-384 hash: d8095304da820503e41138af2f6a4f38f188caafae86acb6e953fe27654fdcdfdd9316305d1e3ab05c9450ff4fc02378
SHA1 hash: 7bb2dc418d5099b666df586e056cd5f53287c1e6
MD5 hash: 6192d1233fe0683d14bd980354d8fae9
humanhash: kentucky-island-pluto-nebraska
File name: 6192d1233fe0683d14bd980354d8fae9
File size: 271'872 bytes
First seen: 2021-06-24 06:46:43 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 2c5f2513605e48f2d8ea5440a870cb9e (60 x Babadeda, 6 x AveMariaRAT, 5 x CoinMiner)
ssdeep: 3072:77DhdC6kzWypvaQ0FxyNTBfaeRlaKWh4KaWi8Q/N:7BlkZvaF4NTByeLVWhON
Threatray: 59 similar samples on MalwareBazaar
TLSH: 6844C5D3E29B8C72D5BD5F7C1176F26066A01D646A30D38E432BFA3283FAAC0511ED56
Reporter: zbetcheckin
Tags: 32 exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 94
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 6192d1233fe0683d14bd980354d8fae9
Verdict: No threats detected
Analysis date: 2021-06-24 06:49:27 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature
Drops batch files with force delete cmd (self deletion)
Uses cmd line tools excessively to alter registry or file data
Behaviour
Behavior Graph (ID: 439619; Sample: 7JBvm3kHNh; Startdate: 24/06/2021; Architecture: WINDOWS; Score: 48):
7JBvm3kHNh.exe dropped C:\Users\user\AppData\Local\Temp\...\6BB6.bat (ASCII) and started cmd.exe and conhost.exe; cmd.exe started attrib.exe twice.
Result
Malware family: n/a
Score: 8/10
Tags: evasion
Behaviour
Suspicious use of WriteProcessMemory
Views/modifies file attributes
Sets file to hidden
Unpacked files
SHA256 hash: 6958cc20b390a826778c286a41e3601cbae129d26d4bd2e50b350ba2c336aa5f
MD5 hash: 6192d1233fe0683d14bd980354d8fae9
SHA1 hash: 7bb2dc418d5099b666df586e056cd5f53287c1e6
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
