MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8d5fcc37dd8243986f9bb28dccd74960163c965f87f23fc4e0360f17188cc332. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8d5fcc37dd8243986f9bb28dccd74960163c965f87f23fc4e0360f17188cc332
SHA3-384 hash: 098ae12a53959bda3b68f8e796b776fcb90bb38784a5fc1b0ce96f635f382d9dbaad529c5c3f47ef60105e257aab9055
SHA1 hash: 1d99a895f4e807fbebb03df1d5a324776e4e7f4b
MD5 hash: 5c93a95a93fc65019149aca96868fe60
humanhash: pasta-wolfram-july-papa
File name:8d5fcc37dd8243986f9bb28dccd74960163c965f87f23fc4e0360f17188cc332
Download: download sample
File size:491'521 bytes
First seen:2020-11-07 22:29:14 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ef3fd1c1a81435e51fcc42212e25d2ec (7 x Reconyc)
ssdeep 12288:jRHmBZxlmfItCti6Gt/lMGW73hStVUNdnonUfFr:1HKxlmf2Yi5BBQr
Threatray 13 similar samples on MalwareBazaar
TLSH D8A4F1771C594206DB53FD38C62358722DA987152629FD32297DBC273AE2203CB9F5B8
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
112
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Packed.Dridex-7734686-1
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Replacing executable files
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Creating a window
Launching a process
Searching for the window
Forced system process termination
Changing a file
Moving of the original file
Setting a single autorun event
Blocking a possibility to launch for the Windows Task Manager (taskmgr)
Forced shutdown of a system process
Deleting of the original file
Forced shutdown of a browser
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8d5fcc37dd8243986f9bb28dccd74960163c965f87f23fc4e0360f17188cc332/
Threat name:
Win32.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-09-24 06:52:48 UTC
AV detection:
43 of 48 (89.58%)
Threat level:
  1/5
Verdict:
malicious
Similar samples:
06e145e0068c9631d558c1f1c04b51fe8c6a36052a6a051986642eb0dec85232
1f2efa2a023e42852e744c68ec659295448900f471a47032610a9493dc1a1f85
296b64f00dfe0aacad6cb5b400caf51f90f0129fb07e1afc71abc0d3a2b1b1a5
3075a769f000372501a625d5073892f6a1c7363fe4ec5751658d7bc00561d0ff
6153eb4861731cb8b710414247b40ca5851a31c6a79b44d488d02d59b4abc5ff
75da456980b6c16a80a05269d6fee93bc18a242ebe0c7f9f014bad8828b09291
9ea59a3284eb0dfd4af9a58e5e5be9abf46cd42e911650f587c7d6d67d29691f
b604f76daf8cf56c371dbfc20bbeff0ab2d451d9fa059615682a0c6054bf1627
bbdd92fe560df908080324d2c514af5c674f1aa2b8c4b65d5a37a5cd6ccbbba2
ee379be40d5c1621d1e0ccf136de363f950cbc92e5ee7f2b05c447cf8f6f2398
+ 3 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
persistence
Link:
https://tria.ge/reports/201108-99mxmgwzz6/
Behaviour
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: RenamesItself
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
System policy modification
Program crash
Modifies service
Suspicious use of NtSetInformationThreadHideFromDebugger
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Deletes itself
Loads dropped DLL
Executes dropped EXE
Modifies Installed Components in the registry
ServiceHost packer
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments