MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8872e76ffc38017c1b3ef4b07756edb26c82cf45cceb8ed4d8c153c358fb5674. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 8872e76ffc38017c1b3ef4b07756edb26c82cf45cceb8ed4d8c153c358fb5674
SHA3-384 hash: 063de358580814cbf94509deccf2d81baac6ae5869239951d188e7cfa9682dd775c521558c51d733a90039d1bfb3ab77
SHA1 hash: 6eb1406f3178fbb00133f802ae8c02513de28a09
MD5 hash: b0630729fac8d123b02f90c52017e8d8
humanhash: snake-carbon-bluebird-arizona
File name: 近期骗子信息套路谨防上单.com
File size: 733'552 bytes
First seen: 2021-05-09 01:48:07 UTC
Last seen: 2021-05-09 02:38:57 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: dac67ad15d498d52b875fafdd7113e11
ssdeep: 12288:RULKPViLB87+nDS1hS0/ZxcJZYNyfI9vN+Q001i4zSqCUlRlhpNjRNFxKB/ba:RULKPDVNf9vN+Q001i4fpNjRPSba
Threatray: 63 similar samples on MalwareBazaar
TLSH: F9F49D31B881C033E5E210329AB99BB35D3DBD34572894DBA3D03BB85A345D37639B5A
Reporter: vm001cn
Tags: exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 141
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 近期骗子信息套路谨防上单.com
Verdict: No threats detected
Analysis date: 2021-05-09 01:46:29 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Enabling the 'hidden' option for analyzed file
Sending a custom TCP request
DNS request
Sending a UDP request
Sending an HTTP GET request
Creating a file
Creating a process from a recently created file
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Deleting a recently created file
Launching a process
Launching a service
Creating a window
Moving a recently created file
Running batch commands
Searching for the window
Enabling autorun with the shell\open\command registry branches
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
Multi AV Scanner detection for submitted file
Sigma detected: Execution from Suspicious Folder
Behaviour
Behavior Graph:
Threat name: Win32.Trojan.Tnega
Status: Malicious
First seen: 2021-05-08 11:08:35 UTC
AV detection: 19 of 28 (67.86%)
Threat level: 5/5
Result
Malware family: n/a
Score: 9/10
Tags: evasion
Behaviour
Modifies data under HKEY_USERS
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Loads dropped DLL
Downloads MZ/PE file
Executes dropped EXE
Looks for VirtualBox Guest Additions in registry
Unpacked files
SHA256 hash: 8872e76ffc38017c1b3ef4b07756edb26c82cf45cceb8ed4d8c153c358fb5674
MD5 hash: b0630729fac8d123b02f90c52017e8d8
SHA1 hash: 6eb1406f3178fbb00133f802ae8c02513de28a09
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments



a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-05-09 02:02:36 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [B0001.025] Anti-Behavioral Analysis::Software Breakpoints
1) [B0009] Anti-Behavioral Analysis::Virtual Machine Detection
2) [B0012.001] Anti-Static Analysis::Argument Obfuscation
3) [B0030.002] Command and Control::Receive Data
4) [B0030.001] Command and Control::Send Data
5) [C0011.001] Communication Micro-objective::Resolve::DNS Communication
6) [C0002.014] Communication Micro-objective::Read Header::HTTP Communication
7) [C0003.003] Communication Micro-objective::Read Pipe::Interprocess Communication
8) [C0001.004] Communication Micro-objective::Connect Socket::Socket Communication
9) [C0001.011] Communication Micro-objective::Create TCP Socket::Socket Communication
10) [C0001.012] Communication Micro-objective::Get Socket Status::Socket Communication
11) [C0001.009] Communication Micro-objective::Initialize Winsock Library::Socket Communication
12) [C0001.006] Communication Micro-objective::Receive Data::Socket Communication
13) [C0001.007] Communication Micro-objective::Send Data::Socket Communication
14) [C0001.001] Communication Micro-objective::Set Socket Config::Socket Communication
15) [C0001.005] Communication Micro-objective::Start TCP Server::Socket Communication
16) [C0001.008] Communication Micro-objective::TCP Client::Socket Communication
17) [C0029] Cryptography Micro-objective::Cryptographic Hash
18) [C0031] Cryptography Micro-objective::Decrypt Data
19) [C0027.004] Cryptography Micro-objective::3DES::Encrypt Data
20) [C0027] Cryptography Micro-objective::Encrypt Data
21) [C0021.003] Cryptography Micro-objective::Use API::Generate Pseudo-random Sequence
22) [C0019] Data Micro-objective::Check String
23) [C0026.001] Data Micro-objective::Base64::Encode Data
24) [C0026.002] Data Micro-objective::XOR::Encode Data
27) [C0045] File System Micro-objective::Copy File
28) [C0046] File System Micro-objective::Create Directory
29) [C0047] File System Micro-objective::Delete File
30) [C0051] File System Micro-objective::Read File
31) [C0050] File System Micro-objective::Set File Attributes
32) [C0052] File System Micro-objective::Writes File
33) [C0034.001] Operating System Micro-objective::Set Variable::Environment Variable
34) [C0036.004] Operating System Micro-objective::Create Registry Key::Registry
35) [C0036.003] Operating System Micro-objective::Open Registry Key::Registry
36) [C0040] Process Micro-objective::Allocate Thread Local Storage
37) [C0017] Process Micro-objective::Create Process
38) [C0038] Process Micro-objective::Create Thread
39) [C0041] Process Micro-objective::Set Thread Local Storage Value
40) [C0018] Process Micro-objective::Terminate Process