MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6de745b9931dcc78905b108a9c6d60fe6cb1f1578400f1bc46894c2bff551023. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6de745b9931dcc78905b108a9c6d60fe6cb1f1578400f1bc46894c2bff551023
SHA3-384 hash: 0b658c7a7381ec83fa625b37d5ff990c610e2ac9b286ae8cbc6a15a7136b9881926d98d902fb876c1f850181ed0d13c9
SHA1 hash: 58150f769af8399b40d7af5d77da499484464c04
MD5 hash: 3b802a88524bc2e04d6cba6b7f51e756
humanhash: four-emma-potato-delaware
File name:SecuriteInfo.com.Trojan.GenericKD.47202694.15414.13598
Download: download sample
File size:3'867'136 bytes
First seen:2022-03-21 18:14:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 98304:pTsM6GGDZmB5lPcvSuUOG46d2i7LFueopsgQR8FA9coM3rCMvkj/Kx:pT4GGDZmpcPUO/6Ui7LHoegQRgAioMOZ
TLSH T1580623997218B9EED3A3D836CE580CB07BA0B976572F860F504772BDD92D446CF344A2
File icon (PE):PE icon
dhash icon 4810707161701068 (3 x RedLineStealer)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
160
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/253737/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.47202694.15414.13598.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a window
Сreating synchronization primitives
Sending a custom TCP request
Using the Windows Management Instrumentation requests
Creating a file
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
obfuscated packed
Link:
https://www.filescan.io/uploads/6238c0b3dfdfa8501cc827d6/reports/45ebeb7e-977d-47df-9b01-a7bd1262394a/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a2e8b76e-fdd8-453b-8441-834b0606e13b
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/961208
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6de745b9931dcc78905b108a9c6d60fe6cb1f1578400f1bc46894c2bff551023/
Threat name:
ByteCode-MSIL.Trojan.Gorgon
Create hunting rule
Status:
Malicious
First seen:
2021-10-18 08:19:40 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
2
AV detection:
23 of 42 (54.76%)
Threat level:
  5/5
Verdict:
malicious
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220321-wvxrzahgcn/
Behaviour
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
6de745b9931dcc78905b108a9c6d60fe6cb1f1578400f1bc46894c2bff551023
MD5 hash:
3b802a88524bc2e04d6cba6b7f51e756
SHA1 hash:
58150f769af8399b40d7af5d77da499484464c04
Link:
https://www.unpac.me/results/b08046ed-ccda-43cd-8f75-4b36d305a81b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.51
Link:
https://yomi.yoroi.company/submissions/6de745b9931dcc78905b108a9c6d60fe6cb1f1578400f1bc46894c2bff551023

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 6de745b9931dcc78905b108a9c6d60fe6cb1f1578400f1bc46894c2bff551023

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/253737/
  
URLhaus
https://urlhaus.abuse.ch/url/2109393/
  
Delivery method
Distributed via web download

Comments