MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 70c64a3f46820c47b44e30d3925165340735c7ce62ad124268820335ecc808be. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 70c64a3f46820c47b44e30d3925165340735c7ce62ad124268820335ecc808be
SHA3-384 hash: 3be843bf4de6a7114b34f2941ef093abf95932480c4c65f0a9e711e23453715cf0fb80b71f7a43e63155740468412219
SHA1 hash: cf25472081434f364eae9635472ef6465bba094c
MD5 hash: bb7a55020d96e929f6c92ddd42e54c18
humanhash: four-minnesota-one-foxtrot
File name:bb7a55020d96e929f6c92ddd42e54c18
Download: download sample
File size:8'233'984 bytes
First seen:2021-09-16 08:14:26 UTC
Last seen:2021-09-16 08:56:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 138edddec260c1cf391735ffcbb813ae
ssdeep 196608:KnqgDu1Vqje+OIso69vlq1z7MRci6i/W+lQc:KnqgDiUjUIJ6w3ur7/nQc
Threatray 53 similar samples on MalwareBazaar
TLSH T1BB8623AA5144371CC41BC5F85433B90AB2B6430E4FD8EABE72DB7AC077EA814D945F89
Reporter zbetcheckin
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
127
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
bb7a55020d96e929f6c92ddd42e54c18
Verdict:
No threats detected
Analysis date:
2021-09-16 08:15:20 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/a21a5a07-2cb9-41a6-9b5c-42d0c9353184

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/188321/
Detection(s):
SecuriteInfo.com.Trojan.Heur.02296023.9119.12045.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/61751f93db358dd15ed9266c/reports/b857bded-be80-431e-a17d-590b62951aad/overview
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/335c3607-d361-42ee-abd0-b5586302b2e6
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/851891
Signature
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file contains section with special chars
Tries to detect debuggers (CloseHandle check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Tries to evade analysis by execution special instruction which cause usermode exception
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/70c64a3f46820c47b44e30d3925165340735c7ce62ad124268820335ecc808be/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-09-16 08:15:07 UTC
AV detection:
12 of 25 (48.00%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
008ec79765325200361d9c93ac35edd430f8b17894ff843268caa5acd6224549
0dfcf4d5f66310de87c2e422d7804e66279fe3e3cd6a27723225aecf214e9b00
1b189602123e4dba4522d442877fb0862a8fbbc4cc6d187954ba27039bea7d9c
4098b54c9d27b00ce34d04ffac24213ed28993a2854827851b157d63407c2e4e
61a70fdae6040d08c4f66f5d5ba95aba1987cda5e4715903696c3139a33d8e05
81074c41b76fd86ce228d266821c33d86a7448f30f58966d7990b77ba321552e
81d14d241a35f52dae782c57784168f5295776984eb55d9f88f9f0cf12e67f72
8344424b2ab65b90171d02df7f9f8625308284c4b25e0e489c005f9c164784c2
84783081ade87f5a4a1902a275eb66c7fe8ebef9e43cdd2d4527bdb1a5a51f04
+ 43 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/210916-j5ktyafdaj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Unpacked files
SH256 hash:
70c64a3f46820c47b44e30d3925165340735c7ce62ad124268820335ecc808be
MD5 hash:
bb7a55020d96e929f6c92ddd42e54c18
SHA1 hash:
cf25472081434f364eae9635472ef6465bba094c
Link:
https://www.unpac.me/results/c1657dba-d318-4e71-8926-c2640bce49c8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.14
Link:
https://yomi.yoroi.company/submissions/70c64a3f46820c47b44e30d3925165340735c7ce62ad124268820335ecc808be

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 70c64a3f46820c47b44e30d3925165340735c7ce62ad124268820335ecc808be

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/188321/
  
URLhaus
https://urlhaus.abuse.ch/url/1624305/

Comments


Avatar
zbet commented on 2021-09-16 08:14:27 UTC

url : hxxps://tacos.gg/downloads/rust.exe