MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b2ad325e0cda26d0cd3769bea307050581d5c38d40d1281ff7e6b56420369cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9b2ad325e0cda26d0cd3769bea307050581d5c38d40d1281ff7e6b56420369cd
SHA3-384 hash: 09d401375dd2afa367d99feaa2fa1c30b174ea892021daf86072df8e4b57544e7678bf036a5f6066dbaa4a661f89eff2
SHA1 hash: 6a36cdc958d074412fed783a7eaeee4cb2df2d3e
MD5 hash: c6da627138c596d5164176515eed220e
humanhash: orange-six-johnny-happy
File name:SecuriteInfo.com.Win32.Packed.Themida.HLN.29559
Download: download sample
File size:2'613'248 bytes
First seen:2020-06-22 15:33:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c1dea2021bf88a530806ddc20f537201
ssdeep 49152:4Xv4vXxDlOjA1Giq2Com9Dnm7fgHnUNW8sm5lmlAiVg0o7Lb2C8A5ave:X+j+nq0smMHUNUI70o7tDa2
Threatray 55 similar samples on MalwareBazaar
TLSH AFC533A206854C4FF74A51704AF88CE646AD4464C5FEA9887E9E036F722E07E4C367BD
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/12681/
Detection(s):
SecuriteInfo.com.Win32.Packed.Themida.HLN.29559.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9b2ad325e0cda26d0cd3769bea307050581d5c38d40d1281ff7e6b56420369cd/
Threat name:
Win32.Packed.Themida
Create hunting rule
Status:
Malicious
First seen:
2020-06-22 12:12:59 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  1/5
Verdict:
malicious
Similar samples:
08c31318d635778eaaf19c55440ed58570e764db28339f3061d927d9f3643ce3
1571b2ee13c7552f19b2fffc1c3f7dc63dffa8652d0cfa32136852629763018d
33ffacc3e517f4f1dad47f1ca28d26188e202d5e2e300e1e71bc0a57e682292a
433811102726bc15416ca338a2df55ec1daaf3f2565ee00d7f6484064746fb30
831ba6efa4a49eb1c7ff749fe442b393c5a614f383bf1efb52512a183b4362fc
84581968dd8c3480b3f0dcc2cd0cffa26542bb8cb79c8150f2be5ea5afd1b6b1
8cd9ff6a88e32c22bc217df94c45075bc145f0263d0e151180fe9651d8826e57
99b9b649c59745f1544c91ffe35dad1e1529c9cb6715325c95ee396bbe3db2ab
ad3c67acd7773a47ac0d46c544f1bcaa03ddbeb577b195e66fc4a15cd4413dab
d6ba040d10d1fb8e0f6a8b1d5378be566f6d3816bf1a00fb3e0bb6eed29346b2
+ 45 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
evasion trojan spyware
Link:
https://tria.ge/reports/200624-4mbltw85v2/
Behaviour
Suspicious use of WriteProcessMemory
Delays execution with timeout.exe
Suspicious use of NtSetInformationThreadHideFromDebugger
Looks up external IP address via web service
Checks whether UAC is enabled
Checks BIOS information in registry
Deletes itself
Reads user/profile data of web browsers
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/12681/

Comments