MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7084cec1c3599690358ffe6abacd34953c31575c7ed418e525362263f85138c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 7084cec1c3599690358ffe6abacd34953c31575c7ed418e525362263f85138c7
SHA3-384 hash: 2d3718947e6de7c54200d2eb1ac33ab077adae8e2507bd5c7a6a3903665cc8578484cb8093f359212aa55e8ff6eb3f5d
SHA1 hash: 9131b77df88daea888c6cc02ca933d0f55191889
MD5 hash: 51968ed5693506b0672654341e2f3c3e
humanhash: island-wisconsin-fruit-alpha
File name: SecuriteInfo.com.Trojan.Encoder.858.14924.26517
Signature: n/a
File size: 1'071'792 bytes
First seen: 2020-08-01 19:35:04 UTC
Last seen: 2020-08-02 07:32:53 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: a8380bd23454f947329751acc31ba9cb
ssdeep: 24576:r/C2Q8rQIzJrADKDdVesMRNpY1CHzmFRlYcEHi:rK2QAQI1r1dVesGNpYg6FRQi
TLSH: AF352306BCC0FCB7DE590975C05D9B1F9D79ED0635A1D5123B68AA2B1A303D202EA37B
Reporter: @SecuriteInfoCom

Intelligence


File Origin
# of uploads: 2
# of downloads: 32
Origin country: US
Mail intelligence: No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Using the Windows Management Instrumentation requests
Creating a file
Connection attempt
Creating a file in the %temp% subdirectories
Moving a file to the %temp% subdirectory
Deleting a recently created file
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Sending a TCP request to an infection source
Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 27 / 100
Threat name: Win32.Trojan.CryptInject
Status: Malicious
First seen: 2019-07-29 13:34:32 UTC
AV detection: 39 of 45 (86.67%)
Threat level: 5/5
Result
Malware family: troldesh
Score: 10/10
Tags: ransomware upx trojan family:troldesh discovery persistence spyware
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of UnmapMainImage
Interacts with shadow copies
Program crash
Drops file in Program Files directory
Modifies service
Sets desktop wallpaper using registry
Adds Run key to start application
Checks installed software on the system
Looks up external IP address via web service
Reads user/profile data of web browsers
UPX packed file
Deletes shadow copies
Troldesh, Shade, Encoder.858

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download

Executable exe 7084cec1c3599690358ffe6abacd34953c31575c7ed418e525362263f85138c7 (this sample)

Comments