MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85e0ff2f0c03b8d8ce1d32b446dcef0e32b79fa581a9c27dcf4d0bb92c6b167f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash: 85e0ff2f0c03b8d8ce1d32b446dcef0e32b79fa581a9c27dcf4d0bb92c6b167f
SHA3-384 hash: 93404e8ddd17b9466a1888149e1e842d77d54e4616df20d6730c187c5f8133921564169e407156f2a31c7c8423a652b9
SHA1 hash: fc0f485b4e178293c3b3eb26c87a38172cf6ccbb
MD5 hash: 182bbd5dccd1470d10e6b062d39c95d7
humanhash: ten-cup-cola-california
File name: uncategorized_1.2.0.0.vir
Signature: ZeuS
File size: 376'832 bytes
First seen: 2020-07-19 17:31:35 UTC
Last seen: 2020-07-19 19:19:22 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: c70f203eee48c3bebe2e5bb5a3212875
ssdeep: 6144:O06mCvDLuqz8u+0O11y0OFEenAtCl8Oayx+7NAuvbijn3STTdRok5r/Fb4sExatv:O06rGW3LOq0OFEeGOayxruvbYSTTz/hT
TLSH: AC8412CEB78E6307D99E51B974827C52F8B08BCC1B01131BEB9DC9C961C02AF9857967
Reporter: @tildedennis
Tags: uncategorized


Twitter
@tildedennis: uncategorized version 1.2.0.0

Intelligence

File Origin
# of uploads: 2
# of downloads: 19
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
  - Creating a window
  - Unauthorized injection to a recently created process
  - Connection attempt to an infection source

Result
Threat name: Unknown
Detection: malicious
Classification: spyw.evad
Score: 100 / 100
Behaviour
Behavior Graph (ID: 247161; Sample: uncategorized_1.2.0.0.vir; Startdate: 19/07/2020; Architecture: WINDOWS; Score: 100)

Sample-level signatures:
  - Contacted domain: securetestingnetwotk.com
  - Multi AV Scanner detection for domain / URL
  - Antivirus / Scanner detection for submitted sample
  - Multi AV Scanner detection for submitted file
  - 2 other signatures

uncategorized_1.2.0.0.exe (started)
  - DNS/IP: 1.2.0.0 (CLOUDFLARENETUS, China)
  - Dropped file: C:\Users\user\AppData\Roaming\...\suyq.exe (PE32)
  - Detected unpacking (changes PE section rights)
  - Detected unpacking (overwrites its own PE header)
  - Deletes itself after installation
  - Child processes: suyq.exe (started), cmd.exe (started)

suyq.exe (started)
  - Antivirus detection for dropped file
  - Detected unpacking (changes PE section rights)
  - Detected unpacking (overwrites its own PE header)
  - 3 other signatures
  - Child process: explorer.exe (started)

cmd.exe (started)
  - Child process: conhost.exe (started)

explorer.exe (started)
  - Contacted domain: securetestingnetwotk.com
  - Maps a DLL or memory area into another process
  - Creates a thread in another existing process (thread injection)
  - Injected into: wFFBiNkqclEmrhKYmXsWwotD.exe (two instances), svchost.exe, 24 other processes

wFFBiNkqclEmrhKYmXsWwotD.exe (injected)
  - Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
  - Tries to harvest and steal ftp login credentials

svchost.exe (injected)
  - 104.108.35.215, ports 49703, 80 (AKAMAI-ASUS, United States)
  - 104.108.49.57, ports 443, 49702, 49704 (AKAMAI-ASUS, United States)
Result
Threat name: Win32.Trojan.Dynamer
Status: Malicious
First seen: 2015-08-28 23:55:46 UTC
AV detection: 27 of 31 (87.10%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - Suspicious behavior: MapViewOfSection
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - Suspicious behavior: MapViewOfSection
  - Adds Run key to start application
  - Loads dropped DLL
  - Deletes itself
  - Executes dropped EXE
  - Executes dropped EXE
Result
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments