MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85d879be258470ed22d55bb6fda8be5d0b7d480c23d95b252516e85ccad2fec4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 85d879be258470ed22d55bb6fda8be5d0b7d480c23d95b252516e85ccad2fec4
SHA3-384 hash: 5f721c598dbaf12df6ca8b96b070364a64192684aad04d472d04f7800f6ed2e16870bbc4a6004ea458a003721c11ea99
SHA1 hash: 4a6ebb8bfd026a782f125e88f2ecf191015e9949
MD5 hash: 224bf2d66ccf760d55253ab3901482e2
humanhash: oranges-paris-queen-orange
File name:SecuriteInfo.com.Mal.Generic-S.27799.15307
Download: download sample
File size:8'489'472 bytes
First seen:2020-06-18 09:33:40 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 2a2b741f7f26c0d0238b178bc61e786f (2 x DanaBot)
ssdeep 196608:tFcBJIallQT25cRGDZ9mkoxEpX5pUPxitjUpv382CE:kSaD/cRo0kNpX5pUPYUpv382CE
Threatray 26 similar samples on MalwareBazaar
TLSH 6B863340760306C7F99E0CB5BB0D592B9B6CF88CE9C08C27D805BF2A5DB4569DE8761B
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection:
OlympicDestroyer
Create hunting rule
Link:
https://www.capesandbox.com/analysis/19716/
Detection(s):
SecuriteInfo.com.Mal.Generic-S.27799.15307.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Coins
Create hunting rule
Status:
Malicious
First seen:
2020-06-17 19:40:17 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
34e142c3ca75844c48639cfc8f60513d23c02a65addef3bce69f5b49b34277a1
52f137c22685d15df043daabdb9c823e07ecec4df42bcc2fa2c5bd45913d32ea
5b5eab7a12fdfc6cc39e39193b7a9020ee46e72acac70033236ef9b6b2da32c7
5ef8714caf9c7296847b67b27edb93c3aec23d7e77b57d23d0e8607d707a2c49
6c90f16a6932be921cbb44b9e4531cf36e5ded6d5dd0016c4309a56ab8a96461
8499aa17997bfbe03592e33e82df1c674f1b57ba3d372355e690b9468ea6fea2
991c4166a2246ca5ae9186a1e747f5eb767fdbd304dbfa1c5f4a2019cb6b4aec
aeb1bfcef382789091e72e2d6cae6e471123d0e8e7a5f39c64abf5a3d9a4eaa8
e3bb8c334350185803b3863f71d6fced186b373e8768bb537e371dff11f74386
f4901daf97516f9a9b54233dd81810398de07db40d47072f37d90b4225387fd2
+ 16 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware evasion trojan discovery
Link:
https://tria.ge/reports/200624-q7sqdwlak2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Suspicious use of NtSetInformationThreadHideFromDebugger
Modifies system certificate store
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Accesses cryptocurrency wallets, possible credential harvesting
Checks for installed software on the system
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:MAL_Unknown_PWDumper_Apr18_3
Create hunting rule
Author:Florian Roth
Description:Detects sample from unknown sample set - IL origin
Reference:Internal Research
Rule name:with_sqlite
Create hunting rule
Author:Julian J. Gonzalez <info@seguridadparatodos.es>
Description:Rule to detect the presence of SQLite data in raw image
Reference:http://www.st2labs.com

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 85d879be258470ed22d55bb6fda8be5d0b7d480c23d95b252516e85ccad2fec4

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/396009/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/19716/

Comments