MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7775bf665391c8e930e16cdb4b1a78458ffe7e662a099376050d425a8c24637e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	7775bf665391c8e930e16cdb4b1a78458ffe7e662a099376050d425a8c24637e
SHA3-384 hash:	f937c755b49f966f831ff8d8992b49fe90474c119886f2e35b38343345afb089748b75e273f1cfeca4495bd27c595ad0
SHA1 hash:	97ec3e89052cd5a0fd283f369bd94e154466ffdb
MD5 hash:	7168bae98c3b87b661870df83f73ed0d
humanhash:	east-artist-pip-orange
File name:	7775bf665391c8e930e16cdb4b1a78458ffe7e662a099376050d425a8c24637e
Download:	download sample
File size:	3'299'862 bytes
First seen:	2020-06-03 09:48:39 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	3d349bb1fedb23758a6e397e5d691576 (8 x Bancteian, 7 x AZORult, 1 x AgentTesla)
ssdeep	49152:ZUuBTOjZwS1Ihk+hy7iHuaRZnt+NTNLiG97k:ZXRO0hkr2Rxt+eN
Threatray	7 similar samples on MalwareBazaar
TLSH	F7E55B17B284583FC06B173A8837A7549D3FBE6166269C0F17F078CC8E7A5817D2A64B
Reporter	raashidbhatt
Tags:	exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

58

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.Bancteian-0-6418983-0

Win.Malware.Delf-6821970-0

PUA.Win.Adware.Dealply-6840263-0

Gathering data

Threat name:

Win32.Trojan.Bancteian

Status:

Malicious

First seen:

2020-06-04 04:29:45 UTC

AV detection:

46 of 48 (95.83%)

Threat level:

5/5

Verdict:

suspicious

Similar samples:

0622421f5a2a6dfa2de39175fbc710f982788677162c2e93ed1eb78d33d6bc75

118dd258630c48b0beacd8b4c04c9c9cd3b9f698b660b6a904b1dfc033e00cd1

2c08eadd3382400c96eb0d442d555053aa80eb467f328eb12bc97046ca3a6603

31e0d8d290cef40450e8afb88a58749155645f4f702bdec51a81290d0230de09

8c3d5e134df25eda7738bbbfaea35569b90bbc9f00308ca32ff6feb76e783e11

b5961f407c0afef04c9406ba17cbae3fe4cc575b47e50081abbda0d96f9c0f18

d68a5a2bf92f0f08b8eb6f39351462f81d65d54085c1c7ae3aa81b2d3018434e

Result

Malware family:

n/a

Score:

10/10

Tags:

evasion persistence spyware trojan

Link:

https://tria.ge/reports/201109-yg82ddtk6e/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

System policy modification

Drops file in Windows directory

Adds Run key to start application

Checks whether UAC is enabled

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

Modifies WinLogon for persistence

Modifies visiblity of hidden/system files in Explorer

UAC bypass

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample