MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a2c9b3eec66b62858a6775f00e4c5c76fb0abf01ef2cb8c9a94133faa199db3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 7a2c9b3eec66b62858a6775f00e4c5c76fb0abf01ef2cb8c9a94133faa199db3
SHA3-384 hash: 59e484b805aa182890496cd85aeb36766136b61d92dc0d7ad8513e1c7efd411eb5c686be2f60df7541724d7a5eebf295
SHA1 hash: d0f888cf3f72ad8973457a87e938347347503fb4
MD5 hash: 760162d63c3ef7cf90dd611ad1b025a3
humanhash: uniform-december-dakota-salami
File name: Internet Download Manager 6.40 Build 8.exe
File size: 8'784'954 bytes
First seen: 2022-03-06 13:18:07 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 254a3a10c7173262c1ad498fb1bffb52
ssdeep: 196608:1aVh04m8nrX+Wgy8dbHxbsmukwl2Tw/KGtDnS5i4:1E/ruWgjNw9KGtrS5r
Threatray: 2 similar samples on MalwareBazaar
TLSH: T14096339C32E545F4C77E68BE6DD0BC7858289E81D26902FFA749B0EBB733D50068D50A
dhash icon: e1e0e2f3e6ec3823 (4 x XWorm, 2 x njrat, 2 x Spambot.Kelihos)
Reporter: Anonymous
Tags: exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 321
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness: (not given)
Behaviour
Launching a process
Creating a window
Searching for the window
Searching for synchronization primitives
Creating a file
Creating synchronization primitives
Creating a process from a recently created file
Creating a file in the %temp% directory
Running batch commands
Creating a process with a hidden window
Using the Windows Management Instrumentation requests
Launching a tool to kill processes

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: troj.evad
Score: 96 / 100
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
AutoIt script contains suspicious strings
Binary is likely a compiled AutoIt script file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
NDIS Filter Driver detected (likely used to intercept and sniff network traffic)
PE file has a writeable .text section
Uses cmd line tools excessively to alter registry or file data
Uses whoami command line tool to query computer and username
Behaviour
Behavior Graph:
Behavior Graph ID: 583898; Sample: Internet Download Manager 6...; Startdate: 06/03/2022; Architecture: WINDOWS; Score: 96
Process tree and per-process signatures recovered from the graph:
Internet Download Manager 6.40 Build 8.exe (started)
    Signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; AutoIt script contains suspicious strings; 3 other signatures
    Dropped: C:\Kinghaze\Kur.exe (PE32); C:\Kinghaze\Kur\IDM94.tmp (PE32); C:\Kinghaze\Kur\IDM92.tmp (PE32); 37 other files (none is malicious)
    Kur.exe (started)
        Signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Binary is likely a compiled AutoIt script file
        cmd.exe (started)
            Signatures: Uses cmd line tools excessively to alter registry or file data; Uses whoami command line tool to query computer and username
            cmd.exe (started)
                Signature: Uses whoami command line tool to query computer and username
                whoami.exe (started)
            taskkill.exe (started)
            taskkill.exe (started)
            18 other processes
Result
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2022-02-21 13:50:00 UTC
File Type: PE (Exe)
Extracted files: 3045
AV detection: 20 of 27 (74.07%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: adware discovery persistence stealer upx
Behaviour
Kills process with taskkill
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Program Files directory
AutoIT Executable
Checks installed software on the system
Installs/modifies Browser Helper Object
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Registers COM server for autorun
Unpacked files
Unpacked file 1
SHA256 hash: 8ae97f715e21b3a20c68d00f29af426055e949b3b5f9dadaafb3319b81a0dece
MD5 hash: 2a31aeef9cc4b47f2e98e64f698d4ca8
SHA1 hash: 6d416526320028f751955a38003ec7bb3d4fcd6c
Unpacked file 2
SHA256 hash: 207740dc77cf85556ada965d7060ba18376bee79be385ebb935029c1a1132e21
MD5 hash: 6136a345b002e78c73954bf90b970f81
SHA1 hash: 8b2c658f254a20b1d19d64ecf12a85196451f50f
Unpacked file 3
SHA256 hash: 87f662c73682d909986b9c65dc585986beb3c3e10efebc1038d3adc0779fb8ef
MD5 hash: cc3add4de5c3d033d3b15d1f4f21e1f9
SHA1 hash: 73e0546513d743505460d372847e0e52f6cfdb76
Unpacked file 4 (the submitted sample itself)
SHA256 hash: 7a2c9b3eec66b62858a6775f00e4c5c76fb0abf01ef2cb8c9a94133faa199db3
MD5 hash: 760162d63c3ef7cf90dd611ad1b025a3
SHA1 hash: d0f888cf3f72ad8973457a87e938347347503fb4
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments