MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 819ad92345f0b30fabc274b1606e99a89ed462d7910be500fb8f67149ccf7246. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 819ad92345f0b30fabc274b1606e99a89ed462d7910be500fb8f67149ccf7246
SHA3-384 hash: b2cfc4fd0938dcfe321c0a1eedb56d6e9bec188fdf865a8db3ff05ea4499075b0a6a06d5df1ca0878e580d1247d93f60
SHA1 hash: 93df279655e9434d16720ba459c90634ff83d1c4
MD5 hash: ab1337a2ff52713e038665ae9f002830
humanhash: uranus-moon-magnesium-hydrogen
File name: 819ad92345f0b30fabc274b1606e99a89ed462d7910be500fb8f67149ccf7246.bin
File size: 268'896 bytes
First seen: 2020-11-03 07:52:47 UTC
Last seen: 2020-11-03 10:00:06 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 2477ba8c2dc064f789fcbd8415a238d8 (4 x FickerStealer, 1 x CoinMiner.XMRig)
ssdeep: 6144:8uDo5RmmxijFsIEgciSF8YMmBIWnh7HQWrpB:zDoqySxAF8Yd7Hrn
Threatray: 24 similar samples on MalwareBazaar
TLSH: E6442909ED429D68C87ABA3129FFE239CA344A1C401B906BDFAB6F44EA3F3505D5D146
Reporter: JAMESWT_WT

Intelligence


File Origin
# of uploads: 2
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
DNS request
Sending an HTTP GET request
Creating a file
Connection attempt
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: troj
Score: 64 / 100
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Behaviour
Threat name: Win32.Trojan.Zudochka
Status: Malicious
First seen: 2020-09-18 03:21:00 UTC
File Type: PE (Exe)
AV detection: 24 of 29 (82.76%)
Threat level: 5/5
Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour
Looks up external IP address via web service
Unpacked files
SHA256 hash: 819ad92345f0b30fabc274b1606e99a89ed462d7910be500fb8f67149ccf7246
MD5 hash: ab1337a2ff52713e038665ae9f002830
SHA1 hash: 93df279655e9434d16720ba459c90634ff83d1c4
SHA256 hash: 308df983d5af68bcaea07e84b99bdbc50df54affd5c843efe0746318d508cc6e
MD5 hash: 8f01e1f3bc95425814d1b78609298ac9
SHA1 hash: 148e0db47e9857f2f0146dbeac89c6865d7341ce
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments