MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d915396aa09593693247c54c4a91feea691dc6e5f4ff234791a6193d2b5ac1b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6d915396aa09593693247c54c4a91feea691dc6e5f4ff234791a6193d2b5ac1b
SHA3-384 hash: 782e447235ae0dcdd54a07c178fa395a1128248b1e3b8fdcb03035120c89c8f23a62673987a3496b694ab1740632bbb9
SHA1 hash: f3a9926564a7eaa68bf1623ebe2f6ab21727a817
MD5 hash: 6a845ba103296108ad6414a3c9217718
humanhash: william-alaska-georgia-failed
File name:6a845ba103296108ad6414a3c9217718.exe
Download: download sample
File size:759'648 bytes
First seen:2021-03-17 08:12:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fcf1390e9ce472c7270447fc5c61a0c1 (863 x DCRat, 118 x NanoCore, 94 x njrat)
ssdeep 12288:aRZ+IoG/n9IQxW3OBsee2X+t4RbDE8/hma/27kMlVjHfKQxtz1oV7svLThNKRC2M:U2G/nvxW3Ww0tDEc+7kMuQx11oVKhNK8
Threatray 920 similar samples on MalwareBazaar
TLSH 45F40202BEC155B2C6721D325979AB21643DBD202F28CEEF63D46A5DDA701D0EB31B63
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
6a845ba103296108ad6414a3c9217718.exe
Verdict:
Suspicious activity
Analysis date:
2021-03-17 08:33:58 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/958679d0-9117-461b-8304-2a9766eb0b83

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Trojan.Rasftuby.Gen.14.10239.27368.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Searching for the window
Sending a UDP request
Creating a file
Launching a process
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/642010
Signature
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Uses schtasks.exe or at.exe to add and modify task schedules
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 369977 Sample: gfUpvPVUR1.exe Startdate: 17/03/2021 Architecture: WINDOWS Score: 64 21 Multi AV Scanner detection for submitted file 2->21 7 IntelFOUR.exe 2->7         started        10 gfUpvPVUR1.exe 5 2->10         started        process3 file4 23 Multi AV Scanner detection for dropped file 7->23 25 Tries to detect virtualization through RDTSC time measurements 7->25 13 WerFault.exe 23 9 7->13         started        19 C:\ProgramData\Intel\IntelFOUR.exe, PE32 10->19 dropped 27 Uses schtasks.exe or at.exe to add and modify task schedules 10->27 15 schtasks.exe 1 10->15         started        signatures5 process6 process7 17 conhost.exe 15->17         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6d915396aa09593693247c54c4a91feea691dc6e5f4ff234791a6193d2b5ac1b/
Threat name:
Win32.PUA.Wacapew
Create hunting rule
Status:
Malicious
First seen:
2021-03-17 08:13:08 UTC
AV detection:
15 of 47 (31.91%)
Threat level:
  1/5
Verdict:
suspicious
Similar samples:
048066b8f8dcf8a74e78e458a727edf50094a5849dbaae9cc80df053deae7c47
4824693d37ee0c444b89e21a2ae1cba396927f299e88751759635b2795c1bc96
5cd8924328a7410215c895cd0de484846df13d583e15650ded75ba62b88c17d0
786e182e324b83c59ad1b095f7d520598a1b72cfce239b4274d462c7ba45bf18
7c201535a28746b62adfa831cfccac096903f5b17ee83b8364fc890fa70a59fd
8060ecf4c1dc957aefdbfc835361541af83a9e5d6433f5abb073477c59f16e4c
aa9692c1769e25297176b847f4274570c56c4d74f4577608bd036e72d82d5bdb
b7d74de8e9514ca3fbfa4676be4433069bc913f86953a79d40c6272d5077242c
b8ae844621bf21969ca7070937f91101ca4f7277917979ad9d4a4ac43d6e5fad
f39b9e8c4a9aa6d8cd9f069e8a8ee81a3f666e07071f2b4673aa42633026736c
+ 910 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210317-z5pakybzk2/
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Unpacked files
SH256 hash:
9d3517f2804538afae88a60d5984f9ecbdc4c42d9f6b7f13a92eb3d9f7b33617
MD5 hash:
ade4caf6fd4d483db5f8c59adb94e055
SHA1 hash:
7be7663df31c04f8d75b9854f203589afccdc1aa
Link:
https://www.unpac.me/results/4b569b60-5e42-47ad-acae-e36d7b01f024/
SH256 hash:
6d915396aa09593693247c54c4a91feea691dc6e5f4ff234791a6193d2b5ac1b
MD5 hash:
6a845ba103296108ad6414a3c9217718
SHA1 hash:
f3a9926564a7eaa68bf1623ebe2f6ab21727a817
Link:
https://www.unpac.me/results/4b569b60-5e42-47ad-acae-e36d7b01f024/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6d915396aa09593693247c54c4a91feea691dc6e5f4ff234791a6193d2b5ac1b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 6d915396aa09593693247c54c4a91feea691dc6e5f4ff234791a6193d2b5ac1b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1072551/
  
Delivery method
Distributed via web download

Comments