MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d5eaba61ad880a2fe44a32368a9af62d1165a367c9f08949df9637c05a11f3f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6d5eaba61ad880a2fe44a32368a9af62d1165a367c9f08949df9637c05a11f3f
SHA3-384 hash: 6d6a46055ce524f56159b5386729bfb634b09a70b18fc986e7e3b23ce042896ae85d80e2c47c91d1dfbb2745b09598b4
SHA1 hash: 877a7eccd4038c3c970e4a47a5f8ac50af07cc92
MD5 hash: ee8c8a3fb17b02910a2f23708e89493d
humanhash: thirteen-early-steak-zulu
File name:SecuriteInfo.com.BehavesLike.Win32.Generic.wc.25597
Download: download sample
File size:4'083'712 bytes
First seen:2020-05-14 19:42:04 UTC
Last seen:2020-05-14 20:35:56 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f2b20c2b9eed08cfe5b3d0c983afb3d2 (1 x Glupteba, 1 x ArkeiStealer, 1 x RaccoonStealer)
ssdeep 98304:6cUZ7Y4o64duO6G5OveS0wrrkvbUd71gxxomJ:To7Jo/gOT5Ov1MM1g3B
Threatray 85 similar samples on MalwareBazaar
TLSH 5916332F33EFB821E68111304971E2E08A2B7A61CD33E2972354A94F1A765F5C5673DE
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
2
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.wc.25597.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-14 17:34:02 UTC
File Type:
PE (Exe)
Extracted files:
70
AV detection:
28 of 31 (90.32%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
37c78d45542b2109dcf160591e570469946ffcdfb5042cede4671eef5543c5c9
4a7a38302fddb6caa7d4c380fb14cda9c57bdd2f1b7c97fb88d155fab76d63df
837becd51bb1bdb0e2b182704f727f9f7270737e4c0284df9739ddba3948aa83
86fce58f93e4087e261c52befbb872ddafeb8129008d5153c90084cd4a4a45d0
9f0c58f568c713eb2a7fc4836806a3e70bcdb41d05bfc75a1f815c64d856afde
b7db5b70b15ebac71e0aa8d7cb4e5f663171721b03157644cc2880a38337048a
c006abbb1bae333e5973f9c419bfd9c3c721698cf2cf3ffbd1048fdfb4de811b
cb1ffa5cd81d50702ee7296cd788a66fa8d5aa422e5cb4cdaca5a2ea4322141f
cd689e05263e010dd9c23607c7d8dee3e4d5c536232e8db22e9221bfbfe834ff
e846df33b958032e9fbf264a3dafe63969a6682c1d9232d727d2f7d16d12a418
+ 75 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
discovery evasion persistence trojan
Link:
https://tria.ge/reports/201109-qyj73rgnz2/
Behaviour
Creates scheduled task(s)
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Modifies service
Adds Run key to start application
Checks installed software on the system
JavaScript code in executable
Loads dropped DLL
Windows security modification
Executes dropped EXE
Modifies Windows Firewall
Windows security bypass
Suspicious use of NtCreateUserProcessOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 6d5eaba61ad880a2fe44a32368a9af62d1165a367c9f08949df9637c05a11f3f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/362655/
  
Delivery method
Distributed via web download

Comments