MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8759d45e142c15d4e4cc63fc147114ef52bb57623710552c4ba76f43face2524. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 8759d45e142c15d4e4cc63fc147114ef52bb57623710552c4ba76f43face2524
SHA3-384 hash: a78ad7ae6efe86403e2332a10aee3331388efb82fde27aebe90f19c1bb7338d3674a3bfd3d8da33572b6699cd4764d93
SHA1 hash: ff221ab036b2eefe88a11539dbe199c4045843f2
MD5 hash: c050d373293b8f2fe952065fb66a03b0
humanhash: pasta-cold-mango-william
File name: SecuriteInfo.com.Trojan.DownLoader26.35178.31997.31041
Signature n/a
File size: 321'536 bytes
First seen: 2020-08-01 19:29:24 UTC
Last seen: 2020-08-02 07:34:12 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep 6144:47iP4w6RW+pGW6qKbBuYI5y8CdKnuIlBdaLPlAzjIeeod0KbJeowGA:xBp0VflRICHwn
TLSH C8642B5036BE9FD2E2DB13BAC0E1AC10C3289827C7E2F34F94A95474B915369DC16B97
Reporter @SecuriteInfoCom
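The digests above are the record's identity: before analysing a local copy of the sample, confirm it hashes to exactly these values (the values refer to the sample itself, not to any archive it was delivered in). The script below is an added example, not MalwareBazaar code; the expected values are the ones listed on this page, and the stand-in bytes it hashes are constructed, so they deliberately fail the check.

```python
"""Check a local copy of a sample against the digests shown in a MalwareBazaar record.

Added example, not MalwareBazaar code. EXPECTED holds the values listed on this
page; the 'stand_in' bytes are a constructed placeholder, not the real sample.
"""
import hashlib

# MalwareBazaar field name -> hashlib algorithm name
FIELDS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA3-384": "sha3_384"}

# Digests listed on this page for the sample.
EXPECTED = {
    "SHA256": "8759d45e142c15d4e4cc63fc147114ef52bb57623710552c4ba76f43face2524",
    "SHA3-384": "a78ad7ae6efe86403e2332a10aee3331388efb82fde27aebe90f19c1bb7338d3674a3bfd3d8da33572b6699cd4764d93",
    "SHA1": "ff221ab036b2eefe88a11539dbe199c4045843f2",
    "MD5": "c050d373293b8f2fe952065fb66a03b0",
}


def digest_bytes(data: bytes) -> dict:
    """All four digests of an in-memory blob, as lowercase hex."""
    return {field: hashlib.new(algo, data).hexdigest() for field, algo in FIELDS.items()}


def digest_file(path: str, chunk: int = 1 << 20) -> dict:
    """Same as digest_bytes, but streams the file so large samples are not read whole."""
    hashers = {field: hashlib.new(algo) for field, algo in FIELDS.items()}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {field: h.hexdigest() for field, h in hashers.items()}


def mismatches(actual: dict, expected: dict) -> dict:
    """Fields whose listed digest differs from the computed one: {field: (listed, computed)}.

    Comparison is case-insensitive; fields absent from `expected` are not checked,
    so a record that only lists SHA256 can still be verified.
    """
    return {f: (expected[f].lower(), actual[f])
            for f in expected if f in actual and expected[f].lower() != actual[f]}


if __name__ == "__main__":
    stand_in = b"MZ\x90\x00 constructed stand-in, not the real sample"
    bad = mismatches(digest_bytes(stand_in), EXPECTED)
    for field, (listed, computed) in bad.items():
        print(f"{field}: listed {listed}, computed {computed}")
    if bad:
        print(f"{len(bad)} digest(s) differ: this file is not the listed sample")
    else:
        print("all listed digests match")
```

Run `mismatches(digest_file("sample.exe"), EXPECTED)` on the unpacked download; an empty result means every digest the record lists agrees with the file, and anything else means you are not looking at the sample this page describes.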

Intelligence


File Origin
# of uploads :
2
# of downloads :
20
Origin country :
US
Mail intelligence
No data
Vendor Threat Intelligence
Gathering data
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Setting a keyboard event handler
Sending a UDP request
Creating a file in the %AppData% subdirectories
Using the Windows Management Instrumentation requests
Creating a process from a recently created file
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Unauthorized injection to a recently created process
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
60 / 100
Signature
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
Installs a global keyboard hook
Machine Learning detection for dropped file
Machine Learning detection for sample
Behaviour
Behavior Graph:
Behavior Graph ID 255548 (sample SecuriteInfo.com.Trojan.Dow..., start date 01/08/2020, architecture WINDOWS, score 60):
Sample-level signatures: .NET source code contains potential unpacker; .NET source code references suspicious native API functions; Machine Learning detection for sample
Process tree: SecuriteInfo.com.Trojan.DownLoader26.35178.31997.exe started; drops C:\Users\user\AppData\...\SamsungUpdate.exe (PE32); installs a global keyboard hook; starts SamsungUpdate.exe
SamsungUpdate.exe: connects to tuttotone.serveftp.com (2.44.30.94, ports 49728, 9001; VODAFONE-IT-ASNIT, Italy); Machine Learning detection for dropped file; installs a global keyboard hook; starts cmd.exe, which starts conhost.exe
Two further SamsungUpdate.exe instances started separately from the root
Threat name:
Win32.Trojan.Tiggre
Status:
Malicious
First seen:
2018-04-05 00:53:00 UTC
AV detection:
28 of 48 (58.33%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
NTFS ADS
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Adds Run key to start application
Loads dropped DLL
Executes dropped EXE
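The two behaviour lists on this page describe the same chain seen from two sandboxes: a file is written under %AppData%, executed, and registered under the Software\Microsoft\Windows\CurrentVersion\Run key. The script below is an added example (not from MalwareBazaar or either sandbox) that correlates that chain over endpoint telemetry. The events are constructed Sysmon-style records, not real logs, and the directory under %AppData% is invented because the page truncates the dropped-file path.

```python
"""Correlate endpoint events into the drop -> execute -> Run-key persistence chain.

Added example, not from MalwareBazaar or the sandboxes quoted on the page.
SAMPLE_EVENTS are constructed Sysmon-style records (not real telemetry); the
"Roaming\\Updater" directory is invented since the page truncates the real path.
Sysmon event IDs used: 11 FileCreate, 1 ProcessCreate, 13 RegistryValueSet.
"""

APPDATA = "\\appdata\\"
RUN_KEY = "\\software\\microsoft\\windows\\currentversion\\run\\"

# Constructed events, in time order.
SAMPLE_EVENTS = [
    {"id": 11, "pid": 4100, "image": r"C:\Users\user\Desktop\stage1.exe",
     "target": r"C:\Users\user\AppData\Roaming\Updater\SamsungUpdate.exe"},
    {"id": 1, "pid": 4212, "ppid": 4100,
     "image": r"C:\Users\user\AppData\Roaming\Updater\SamsungUpdate.exe"},
    {"id": 13, "pid": 4212, "image": r"C:\Users\user\AppData\Roaming\Updater\SamsungUpdate.exe",
     "target": r"HKU\S-1-5-21-1-1000\Software\Microsoft\Windows\CurrentVersion\Run\SamsungUpdate",
     "details": r'"C:\Users\user\AppData\Roaming\Updater\SamsungUpdate.exe"'},
    # Benign noise: an installer writing a Run value that points into Program Files.
    {"id": 13, "pid": 5000, "image": r"C:\Windows\System32\msiexec.exe",
     "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Vendor",
     "details": r"C:\Program Files\Vendor\tray.exe"},
    {"id": 1, "pid": 5100, "ppid": 4212, "image": r"C:\Windows\System32\cmd.exe"},
]


def _norm(path: str) -> str:
    """Lowercase a path and drop surrounding quotes so Run values compare to file paths."""
    return path.strip().strip('"').lower()


def find_appdata_persistence(events):
    """One finding per Run-key value that points into %AppData%.

    Each finding records whether the same file was seen being written earlier
    (dropped_by_pid) and whether the process that wrote the Run value is itself
    running from that dropped file (self_persisting), which is the pattern the
    sandbox reports above describe.
    """
    dropped = {}   # normalised path -> pid that wrote it (event 11)
    launched = {}  # pid -> normalised image, for processes run from a dropped file (event 1)
    findings = []
    for ev in events:
        if ev["id"] == 11 and APPDATA in _norm(ev["target"]):
            dropped[_norm(ev["target"])] = ev["pid"]
        elif ev["id"] == 1 and _norm(ev["image"]) in dropped:
            launched[ev["pid"]] = _norm(ev["image"])
        elif ev["id"] == 13 and RUN_KEY in ev["target"].lower():
            value = _norm(ev.get("details", ""))
            if APPDATA not in value:
                continue  # Run values outside user-writable AppData are out of scope here
            findings.append({
                "run_key": ev["target"],
                "run_value": ev.get("details", ""),
                "writer_pid": ev["pid"],
                "writer_image": ev["image"],
                "dropped_by_pid": dropped.get(value),
                "self_persisting": launched.get(ev["pid"]) == value,
            })
    return findings


if __name__ == "__main__":
    for hit in find_appdata_persistence(SAMPLE_EVENTS):
        print(f"{hit['writer_image']} (pid {hit['writer_pid']}) set {hit['run_key']} -> {hit['run_value']}; "
              f"dropped by pid {hit['dropped_by_pid']}, self-persisting={hit['self_persisting']}")
```

The Run-value check alone would also fire on legitimate per-user installers that live under %AppData%; the two enrichment fields are what separate this page's pattern (a freshly dropped executable registering itself) from that noise, so alert on `self_persisting` rather than on the bare registry write.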

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 8759d45e142c15d4e4cc63fc147114ef52bb57623710552c4ba76f43face2524

(this sample)

Delivery method
Distributed via web download

Comments