MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 79dd688046ef9f26ed0cf633cab305f18b46ce7affaa396813a9587ac2918bb0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 79dd688046ef9f26ed0cf633cab305f18b46ce7affaa396813a9587ac2918bb0
SHA3-384 hash: 119398b2bb4f82aee974feecd250e5abb210bff8518032a29f38362873b46a7b008c4119545c49cd372d7c457b96ad39
SHA1 hash: 0f374e5e670e83856a3e184c4e41ef17fb0f68fa
MD5 hash: 04a666d7cf692764645f28189bdb2e70
humanhash: helium-oven-louisiana-virginia
File name:SecuriteInfo.com.PUA.hacktool.728.27994
Download: download sample
File size:121'700 bytes
First seen:2021-03-27 20:33:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 12f12d364f5f6a801e52c9dce28d1965 (2 x AsyncRAT, 1 x SeroXenRat, 1 x XWorm)
ssdeep 3072:X8FHdppuOf+wMSHjnywM0vY9t8Qkh+nXeuS:MFPMOf+wMAywM0EJksnXJS
Threatray 12 similar samples on MalwareBazaar
TLSH 65C36B113AD1C8F9E6521432CB997FD0D2F5EE690F3188B733943A1C6E3C545C626AAD
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
145
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
b0b0cb50456a989114468733428ca9ef8096b18bce256634811ddf81f2119274
Verdict:
Malicious activity
Analysis date:
2021-03-26 18:38:15 UTC
Tags:
loader trojan
Link:
https://app.any.run/tasks/3927633b-6371-4541-86da-e9a73163bd96

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/127290/
Detection(s):
SecuriteInfo.com.PUA.hacktool.728.27994.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Running batch commands
Launching a process
Sending a UDP request
Deleting a recently created file
Blocking the Windows Defender launch
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d0c6a47b-82c3-48bb-bb54-440e0f6da22e
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/655947
Signature
Disable Windows Defender real time protection (registry)
Disables Windows Defender (deletes autostart)
Multi AV Scanner detection for submitted file
Uses cmd line tools excessively to alter registry or file data
Uses schtasks.exe or at.exe to add and modify task schedules
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 376910 Sample: SecuriteInfo.com.PUA.hackto... Startdate: 27/03/2021 Architecture: WINDOWS Score: 64 21 Multi AV Scanner detection for submitted file 2->21 7 SecuriteInfo.com.PUA.hacktool.728.exe 5 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        signatures5 23 Uses cmd line tools excessively to alter registry or file data 9->23 25 Uses schtasks.exe or at.exe to add and modify task schedules 9->25 12 reg.exe 1 1 9->12         started        15 reg.exe 1 1 9->15         started        17 conhost.exe 9->17         started        19 30 other processes 9->19 process6 signatures7 27 Disables Windows Defender (deletes autostart) 12->27 29 Disable Windows Defender real time protection (registry) 15->29
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/79dd688046ef9f26ed0cf633cab305f18b46ce7affaa396813a9587ac2918bb0/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-03-24 20:02:14 UTC
AV detection:
21 of 48 (43.75%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0f9e47562665ef5a863f2b412455f66244c6614dff49a96006473e3604b0c6f8
45ccf8e379c900f0c7496e4debe1ad4550256f6162383baba5f1344e5d9ca250
49e33a3617c0c948569f0e862d090992582eec0e371c471f18074132c85f014b
5199bcc83cf3eb34e56478868237b872fe3795b3ee5b04395ac805a98425801d
703d46e527cbce0c838146a5bb4d93593fb2942ae8dda6cd4d017c5de510549e
a751b1f39e0eb2ab9a6246ad1597c6df78ccacde11c723c710498f01146739d1
ce7fab69a6c10146ac89e121fbe204ca424cd886c4763674eb2e9260b2f6b722
d27db19db72691d403d38243719346bca79efb3f81b6c44d9fd3cd9dfff83b9d
dc4e1c802da2d466553edf5214995a10c49306b9dd9d87a90385c7f20f29adca
f0380fcead378582fadeeddf805919af44febcd9386eb60b609477e8cfe04dc8
+ 2 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
evasion trojan
Link:
https://tria.ge/reports/210327-gnsb3wbe1x/
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Modifies Windows Defender Real-time Protection settings
Modifies security service
UAC bypass
Unpacked files
SH256 hash:
79dd688046ef9f26ed0cf633cab305f18b46ce7affaa396813a9587ac2918bb0
MD5 hash:
04a666d7cf692764645f28189bdb2e70
SHA1 hash:
0f374e5e670e83856a3e184c4e41ef17fb0f68fa
Link:
https://www.unpac.me/results/37213fd0-5bc5-42d1-9dce-b5fd0f2192d4/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Hupigeon
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/79dd688046ef9f26ed0cf633cab305f18b46ce7affaa396813a9587ac2918bb0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 79dd688046ef9f26ed0cf633cab305f18b46ce7affaa396813a9587ac2918bb0

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1095441/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/127290/

Comments