MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d9ada349683ee0eba45222aa55394649b9ecdfed39d3e7de604b050ba719858. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6d9ada349683ee0eba45222aa55394649b9ecdfed39d3e7de604b050ba719858
SHA3-384 hash: c1959c86c6003e986e8e0cf9566bd75fe8cf3fd32f6943c2152e60296dc9fbbff832a0de1499a58968664856ad03a2d2
SHA1 hash: 7ebc590d310ff604f2535876cb7690c554f1841c
MD5 hash: 187f63654f0bdcb2b9e7d124d77711de
humanhash: vermont-washington-eight-arkansas
File name:SecuriteInfo.com.Trojan.GenericKD.2189983.9272.29192
Download: download sample
File size:562'176 bytes
First seen:2022-12-18 20:30:56 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9150ac40eb36f4accbc005ae0e6dc715
ssdeep 12288:WaJFfT7nncafLLZjQzCa778ynctMtcjd4PC:WcfHtjtyCqncyi54
Threatray 255 similar samples on MalwareBazaar
TLSH T197C4234E33467E15E06101B05DE6E27784B077B6393BCD8D1305AEAA22B4F23637665F
TrID 45.8% (.EXE) Win32 EXE PECompact compressed (v2.x) (59069/9/14)
32.2% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
8.1% (.EXE) Win64 Executable (generic) (10523/12/4)
3.9% (.EXE) Win16 NE executable (generic) (5038/12/1)
3.4% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 927168745471b6b2
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
155
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Trojan.GenericKD.2189983.9272.29192
Verdict:
No threats detected
Analysis date:
2022-12-18 20:33:42 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/0e6190d4-af10-4880-bb72-e54645d635e4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/347723/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.2189983.9272.29192.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a window
Searching for synchronization primitives
Сreating synchronization primitives
Gathering data
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a4ed8a9c-72ec-4553-973a-65c14dfabe8c
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1136749
Signature
Detected unpacking (changes PE section rights)
Found API chain indicative of debugger detection
Found stalling execution ending in API Sleep call
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6d9ada349683ee0eba45222aa55394649b9ecdfed39d3e7de604b050ba719858/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2015-02-11 01:32:47 UTC
File Type:
PE (Exe)
Extracted files:
19
AV detection:
23 of 42 (54.76%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nwnnunewqpxa5osfeivkku4umsnz5tp62oot47pgasyfbotrtbma._file
Verdict:
malicious
Similar samples:
15df432e0f75857dbdb8da921cfffeed71244a95650b9fe8da19219999662d65
34d457a1e0ac2c9ca0535f2cd1a6bc3c43ee8e5a6332366027bc7bcd6db6eb3b
5d09c98a34657bd08506045546e71ba1a11fb1d129957be1bdd1f02ca6df129c
9848335d47d8bb203145e2aca78fc8f9b42fb2ba1cd91561974172ea6da43851
a027d527bf8e2d3682ee39f12379d113bc7d28193d36b2c448712e5c8009ff52
e2b9859fcfaed0a7d7a857646cf37b042df26f13a4c455a5fcffed0f6bb74d12
f7a0cf1b55ad5ad4ecdbeacc96a3cf715d2ddb45c985d5d3ed956782bddc93f6
+ 245 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/221218-zapseagf7z/
Behaviour
Suspicious use of AdjustPrivilegeToken
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/0c96df92-7017-4be5-87a0-344449f43b6c
Unpacked files
SH256 hash:
52e67d7b4af3bd5c60e6de325aad6562ecc349eeba7b1bb9b5d269e2ff3f1bf1
MD5 hash:
b5f16f7c7f33e4f9a1639f480291810c
SHA1 hash:
f708876b7cd7605c32245abefde9961231f0bc9e
Link:
https://www.unpac.me/results/541830ec-fe6b-405c-bc9d-5bd2f08782bd/
SH256 hash:
6d9ada349683ee0eba45222aa55394649b9ecdfed39d3e7de604b050ba719858
MD5 hash:
187f63654f0bdcb2b9e7d124d77711de
SHA1 hash:
7ebc590d310ff604f2535876cb7690c554f1841c
Link:
https://www.unpac.me/results/541830ec-fe6b-405c-bc9d-5bd2f08782bd/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/6d9ada349683/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.25
Link:
https://yomi.yoroi.company/submissions/6d9ada349683ee0eba45222aa55394649b9ecdfed39d3e7de604b050ba719858

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/347723/

Comments