MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b60f75253c0ccf9d616ab1f1920d4b9baf1fe140e1f4eff7cb74d270c6d42fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 6

SHA256 hash: 8b60f75253c0ccf9d616ab1f1920d4b9baf1fe140e1f4eff7cb74d270c6d42fc
SHA3-384 hash: 7bf78dfa1e4e3326694026c456376055861d1f275cea6ac80ec3d27b97ab7444ce9dddefec535c191aa5f19aff2f80c7
SHA1 hash: b16e42d1b14bbba2ad6e7fa5c4e35e9900333f5c
MD5 hash: a7a472aa2a4d1604bb64d5a63e5bd710
humanhash: uranus-cardinal-alabama-low
File name: a7a472aa_by_Libranalysis
File size: 1'641'792 bytes
First seen: 2021-05-03 01:01:18 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash baa93d47220682c04d92f7797d9224ce (shared with 139 RiseProStealer, 26 Xtrat and 18 CoinMiner samples on MalwareBazaar; an imphash shared across unrelated families usually reflects a common packer or loader stub rather than shared family code, so it is a pivot for clustering, not a family attribution)
ssdeep 24576:S+whL+xnrpGDNoE/9Ax6ZwdqpkHzZgbs+WVOWTJ6MfKqEyLd7a2YO82531im9k:r28nVGDj9AgoqmHd8svkWT9yqnf4bm6
Threatray 52 similar samples on MalwareBazaar
TLSH A475231BF8D349F1C82A7A3852253B23F940BDACDDB057064ADB131588776CAF78B265
Reporter Libranalysis

Reporter comment (Libranalysis): Uploaded as part of the sample sharing project
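The hash block above is the entry's usable IOC set. The following script is an added example, not MalwareBazaar's own tooling: it embeds the four file hashes listed in the entry and sweeps a directory for files that reproduce any of them. The size pre-filter (1'641'792 bytes, from the entry) is an assumption that only byte-exact copies are of interest; pass `size_filter=None` to hash everything. The demo files written under `__main__` are constructed for the run and are not the sample.

```python
"""Offline hash sweep for the sample in this MalwareBazaar entry (added example)."""
import hashlib
import os
import tempfile

# IOCs copied from the entry above; kept lowercase for comparison.
ENTRY_IOCS = {
    "sha256": "8b60f75253c0ccf9d616ab1f1920d4b9baf1fe140e1f4eff7cb74d270c6d42fc",
    "sha3_384": "7bf78dfa1e4e3326694026c456376055861d1f275cea6ac80ec3d27b97ab7444ce9dddefec535c191aa5f19aff2f80c7",
    "sha1": "b16e42d1b14bbba2ad6e7fa5c4e35e9900333f5c",
    "md5": "a7a472aa2a4d1604bb64d5a63e5bd710",
}
ENTRY_SIZE = 1641792            # "File size" from the entry (assumed exact-copy filter)
ALGORITHMS = tuple(ENTRY_IOCS)  # hashlib names: sha256, sha3_384, sha1, md5


def hash_bytes(data: bytes) -> dict:
    """Return {algorithm: lowercase hex digest} for an in-memory blob."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hashes in a single read pass."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_iocs(digests: dict, iocs: dict = ENTRY_IOCS) -> list:
    """Names of the algorithms whose digest equals the IOC value (case-insensitive)."""
    return [alg for alg in ALGORITHMS
            if alg in iocs and digests.get(alg) == iocs[alg].lower()]


def verdict(matched: list) -> str:
    """SHA-256 / SHA3-384 agreement settles identity; an MD5- or SHA-1-only hit
    is reported but rated weak because neither is collision resistant."""
    if "sha256" in matched or "sha3_384" in matched:
        return "match"
    if matched:
        return "weak-match"
    return "no-match"


def sweep(root: str, iocs: dict = ENTRY_IOCS, size_filter=ENTRY_SIZE) -> list:
    """Walk `root`; return (path, matched_algorithms) for every hit.
    With size_filter set, only files of exactly that size are hashed."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if size_filter is not None and os.path.getsize(path) != size_filter:
                    continue
                matched = match_iocs(hash_file(path), iocs)
            except OSError:
                continue  # unreadable or vanished file: skip it, do not abort the sweep
            if matched:
                hits.append((path, matched))
    return hits


if __name__ == "__main__":
    # Constructed demo: a decoy of the right size that is not the sample, and a
    # small probe whose SHA-256 is fed back in as a custom IOC set.
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "decoy.exe"), "wb") as fh:
            fh.write(b"MZ" + b"\x00" * (ENTRY_SIZE - 2))
        with open(os.path.join(tmp, "probe.bin"), "wb") as fh:
            fh.write(b"constructed test content")
        print("entry IOCs:", sweep(tmp))  # right size, wrong hashes: no hits
        custom = {"sha256": hash_bytes(b"constructed test content")["sha256"]}
        for path, matched in sweep(tmp, custom, size_filter=None):
            print(path, matched, verdict(matched))
```

On FIPS-locked hosts `hashlib.new("md5")` raises; on Python 3.9+ pass `usedforsecurity=False` there. The size filter is only a speed-up for exact copies: a recompiled or repacked build of the same malware has a different size and different hashes anyway, which is why the imphash, ssdeep and TLSH values in the entry exist for fuzzy pivoting.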

Intelligence

File Origin
# of uploads: 1
# of downloads: 92
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness: n/a
Behaviour
Creating a window
DNS request
Sending a custom TCP request
Creating a file
Sending a UDP request
Setting a keyboard event handler
Searching for the window
Changing a file
Blocking a possibility to launch for the Windows Task Manager (taskmgr)
Forced shutdown of a browser
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: suspicious
Classification: evad
Score: 32 / 100
Signature
Disables the Windows task manager (taskmgr)
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect virtualization through RDTSC time measurements
Result
Threat name: Win32.Trojan.Diztakun
Status: Malicious
First seen: 2021-01-26 14:22:55 UTC
AV detection: 11 of 29 (37.93%)
Threat level: 5/5
Result
Malware family: n/a
Score: 9/10
Tags: evasion
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Checks BIOS information in registry
Identifies Wine through registry keys
Disables Task Manager via registry modification
Identifies VirtualBox via ACPI registry values (likely anti-VM)
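Three of the vendor results above report the same host artifact ("Blocking a possibility to launch for the Windows Task Manager", "Disables the Windows task manager (taskmgr)", "Disables Task Manager via registry modification"). On Windows that policy is the REG_DWORD value DisableTaskMgr = 1 under Software\Microsoft\Windows\CurrentVersion\Policies\System, per user below HKEY_CURRENT_USER or machine-wide below HKEY_LOCAL_MACHINE. The script below is an added example, not sandbox or MalwareBazaar code: it parses a regedit-style .reg export (Version 5.00 syntax, including wrapped hex values) and reports every key where that value is set, which is how a responder confirms the artifact from a collected export without running anything on the host. The SAMPLE_REG text is constructed for the demo.

```python
"""Find the Task Manager lockout reported above in a registry export (added example)."""
import re

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                        # [HKEY...] or [-HKEY...] (deletion)
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')    # "name"=data or @=data (default value)
POLICY_SUFFIX = r"\software\microsoft\windows\currentversion\policies\system"


def _logical_lines(text):
    """Join data lines that regedit wraps with a trailing backslash (long hex values)."""
    out, buf = [], ""
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.endswith("\\"):
            buf += stripped[:-1]
            continue
        out.append(buf + stripped)
        buf = ""
    return out


def parse_reg(text):
    """Return (key, value_name, raw_data) triples from a .reg export.
    Key deletions ([-HKEY...]) and value deletions ("name"=-) are skipped."""
    entries, key = [], None
    for line in _logical_lines(text):
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = KEY_RE.match(line)
        if m:
            key = None if m.group(1) else m.group(2)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None and m.group(2) != "-":
            name = m.group(1) if m.group(1) is not None else ""   # "@" is the default value
            entries.append((key, name, m.group(2)))
    return entries


def dword(raw):
    """Decode 'dword:00000001' -> 1; None for any other data type."""
    return int(raw[6:], 16) if raw.lower().startswith("dword:") else None


def find_taskmgr_lockout(text):
    """Keys under a ...\\Policies\\System path where DisableTaskMgr is set to 1."""
    return [key for key, name, raw in parse_reg(text)
            if name.lower() == "disabletaskmgr"
            and key.lower().endswith(POLICY_SUFFIX)
            and dword(raw) == 1]


# Constructed export: one benign Run entry, the per-user lockout, a machine
# policy where the value is present but 0, and a wrapped hex value.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\Software\Constructed\Blob]
"Data"=hex:4d,5a,90,00,03,00,00,00,04,00,00,00,ff,ff,00,00,b8,00,00,00,00,00,\
  00,00,40,00
"""

if __name__ == "__main__":
    for key in find_taskmgr_lockout(SAMPLE_REG):
        print("Task Manager disabled by policy at:", key)
```

A real regedit export is UTF-16LE with a byte-order mark, so read it with `open(path, encoding="utf-16")` before passing it in. To undo the lockout on a live host, delete the value (`reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /f`) after the sample has been removed; otherwise it simply writes the value again.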
Unpacked files
SHA256 hash: 8b60f75253c0ccf9d616ab1f1920d4b9baf1fe140e1f4eff7cb74d270c6d42fc
MD5 hash: a7a472aa2a4d1604bb64d5a63e5bd710
SHA1 hash: b16e42d1b14bbba2ad6e7fa5c4e35e9900333f5c
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments