MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e0aea169927ae791dbafe063a567485d33154198cd539ee7efcd81a734ea325. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	8e0aea169927ae791dbafe063a567485d33154198cd539ee7efcd81a734ea325
SHA3-384 hash:	41d82ffaaa34d95a85151707f50bed116fa12624f6bb8ea261ea30af1345445bbcbe373f9a14d6aabac0c3d60ed2d5f3
SHA1 hash:	5b47603189209c7b1f5e3258f1fe2c5be37bb40c
MD5 hash:	5fb477098fc975fd1b314c8fb0e4ec06
humanhash:	bakerloo-seven-carolina-xray
File name:	SecuriteInfo.com.Trojan.GenericKD.42884880.13776.30152
Download:	download sample
File size:	1'981'952 bytes
First seen:	2020-03-27 09:46:18 UTC
Last seen:	2020-03-27 10:33:32 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	6ed4f5f04d62b18d96b26d6db7c18840 (225 x SalatStealer, 78 x BitRAT, 42 x RedLineStealer)
ssdeep	49152:nCHqFa2tIgmk24U+wwoU3MqhYDGD48qnOFg:CgaWRSrahVU8qn
Threatray	52 similar samples on MalwareBazaar
TLSH	69953383C7372CC8F7A0F4777202D69F1A87255040DF4B6182D8E66DF27B9A949358BA
Reporter	SecuriteInfoCom

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Upolyx-12

PUA.Win.Packer.Upx-6

PUA.Win.Packer.Upx-4

SecuriteInfo.com.Trojan.GenericKD.42884880.13776.30152.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Ranumbot

Status:

Malicious

First seen:

2020-03-13 13:34:02 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

26 of 31 (83.87%)

Threat level:

5/5

Verdict:

malicious

33084be03513386911655bc80a549a8aec6f8cbeef78975c0f9ae486e68b1b31

34c2eed8a266d3b5221bb51f0b5a59712b01d0b339a1db8f626688cb8fb81030

629a413c87fe43667f39e89ec6314ec471bea166444c050375b6b56e1c00907b

86fce58f93e4087e261c52befbb872ddafeb8129008d5153c90084cd4a4a45d0

9f0c58f568c713eb2a7fc4836806a3e70bcdb41d05bfc75a1f815c64d856afde

b7db5b70b15ebac71e0aa8d7cb4e5f663171721b03157644cc2880a38337048a

c006abbb1bae333e5973f9c419bfd9c3c721698cf2cf3ffbd1048fdfb4de811b

cb1ffa5cd81d50702ee7296cd788a66fa8d5aa422e5cb4cdaca5a2ea4322141f

d5d368c9ba295ef4c36fe1e02452418d14f27512fe153c2f16f7384ca60b3db4

+ 42 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 8e0aea169927ae791dbafe063a567485d33154198cd539ee7efcd81a734ea325

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/330774/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
WIN_BASE_API	Uses Win Base API	KERNEL32.DLL::LoadLibraryA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample