MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6aab53b30ad27d3038b79a8ca36a2eb391cb6bdbb24d8fc5e1956e473188cd5f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	6aab53b30ad27d3038b79a8ca36a2eb391cb6bdbb24d8fc5e1956e473188cd5f
SHA3-384 hash:	7f0b5feb56f080e8ec9c2b95ba6cdae00705c95f0cfe11e935cd21555ea34d9f8317833bd6faefcc9acca76fff5ec710
SHA1 hash:	c6e88b136afa0aea9ae6fd31f3ea5e6a3e727255
MD5 hash:	8dcc53b338d0e62f2f05430ec13574af
humanhash:	purple-sodium-hotel-lamp
File name:	SecuriteInfo.com.Malware.Heur.2.xXW@b8MwJ0pO.3157.9399
Download:	download sample
File size:	1'426'944 bytes
First seen:	2020-08-01 19:28:57 UTC
Last seen:	2020-08-02 07:33:37 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	d7dc0a6c553761e206315b5b8d64a116
ssdeep	24576:wPCKLqGSWNqpjaFGB0SICI0SfpazwUSB+Fq4Jr:Q2eSO0SfUze+FX
Threatray	5 similar samples on MalwareBazaar
TLSH	7B657D36EA29383BC5F5657D9E6382B05C7B3D52259A8A326EF0FD0C2F781C12C35652
Reporter	SecuriteInfoCom

Intelligence

File Origin

# of uploads :

2

# of downloads :

58

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/36949/

Detection(s):

PUA.Win.Malware.Speedingupmypc-6718419-0

SecuriteInfo.com.Malware.Heur.2.xXW@b8MwJ0pO.9543.417.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Launching the default Windows debugger (dwwin.exe)

Sending a UDP request

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/406629

Signature

Machine Learning detection for sample

PE file has nameless sections

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6aab53b30ad27d3038b79a8ca36a2eb391cb6bdbb24d8fc5e1956e473188cd5f/

Threat name:

Win32.Trojan.Zenpak

Status:

Malicious

First seen:

2020-07-30 17:31:31 UTC

AV detection:

28 of 48 (58.33%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

23b22bd405675619b48f3739f61e19231f2d0236471ef123c8ce8b0230dff050

39c531db99d46a4b3906a41e6e1afdb2523106c795b11eecaf75bc3a1fbff57b

92714bd064db14df090e83922023d6ebc0e515909e223e9277a35c570b0a36e0

95e512f980e10547b613b0ee9fde0e49716e338cdf16e9b50956e0b3a807ad20

ecc34691e3df1c4c6fc2588efc33007d8c91ef155590280a9f022797ce571014

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/200801-9js5bkety6/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Program crash

Program crash

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 6aab53b30ad27d3038b79a8ca36a2eb391cb6bdbb24d8fc5e1956e473188cd5f

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/422212/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/36949/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample