MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 921b899e4c61812633ba9ed76783c4083de7ca1922f6eaac6215d6940d9aa2b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 921b899e4c61812633ba9ed76783c4083de7ca1922f6eaac6215d6940d9aa2b7
SHA3-384 hash: 3fb0b347693860db4e88681209d828029c95c320bfcbbee60becad48c21373915c5ba449f79c3c55940564d75f12db5c
SHA1 hash: b02b22667bb7504dbf48b41814dfd9b19d07f2a0
MD5 hash: 7bee3f8dcef6c5d48597b5278a07d271
humanhash: berlin-uranus-nine-quiet
File name:921b899e4c61812633ba9ed76783c4083de7ca1922f6eaac6215d6940d9aa2b7
Download: download sample
File size:473'040 bytes
First seen:2020-11-07 20:18:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ef3fd1c1a81435e51fcc42212e25d2ec (7 x Reconyc)
ssdeep 12288:xognzUngUsrgVW5SrtUPJrTX8qd/kflVV:xogzZUDVW5x38/lVV
Threatray 9 similar samples on MalwareBazaar
TLSH E7A4ADACDC817D73EDE89D7D617E5A122C325BC7063F521BC49E2C695C2B3A40A76432
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Razy-6911781-0
Create hunting rule

Win.Packed.Razy-6913220-0
Create hunting rule

Win.Malware.Razy-6913467-0
Create hunting rule

Win.Packed.Dridex-9786378-1
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Replacing executable files
Creating a window
Moving of the original file
Deleting of the original file
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/921b899e4c61812633ba9ed76783c4083de7ca1922f6eaac6215d6940d9aa2b7/
Threat name:
Win32.Trojan.Malrep
Create hunting rule
Status:
Malicious
First seen:
2020-11-07 20:38:58 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
06e145e0068c9631d558c1f1c04b51fe8c6a36052a6a051986642eb0dec85232
0d00922fa0ec170439504b0694cc584c76702d9e9b5c7bf83f5b887755ddecb2
1f2efa2a023e42852e744c68ec659295448900f471a47032610a9493dc1a1f85
296b64f00dfe0aacad6cb5b400caf51f90f0129fb07e1afc71abc0d3a2b1b1a5
3075a769f000372501a625d5073892f6a1c7363fe4ec5751658d7bc00561d0ff
59eb4977b433ca77f1590c094dead7cf6bfc1cee4ece19ec994af25d918b54b9
75da456980b6c16a80a05269d6fee93bc18a242ebe0c7f9f014bad8828b09291
9ea59a3284eb0dfd4af9a58e5e5be9abf46cd42e911650f587c7d6d67d29691f
b604f76daf8cf56c371dbfc20bbeff0ab2d451d9fa059615682a0c6054bf1627
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/201108-grh5kgdpt6/
Behaviour
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: RenamesItself
Program crash
Deletes itself
Loads dropped DLL
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments