MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9c8590c7165b453dd0792be3cf51e200961a1ed9cf1154768ee86f7018db8fd9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9c8590c7165b453dd0792be3cf51e200961a1ed9cf1154768ee86f7018db8fd9
SHA3-384 hash: 58c9c7970094cc871f06fb641b3d2dac8af7b16daa3f974f5275b6196542ddfab3f4e96b1895de926fa5f01eed2a9684
SHA1 hash: e5ef2dd654b50ed7be455cbe7aaabaa7acaedc80
MD5 hash: 13003cbfb6d2adfeea85952f8172c4f7
humanhash: lithium-butter-quiet-vermont
File name:SecuriteInfo.com.Trojan.InjectNET.14.3934.31899
Download: download sample
File size:2'009'088 bytes
First seen:2021-10-14 08:51:17 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 02549ff92b49cce693542fc9afb10102 (84 x CoinMiner, 2 x CoinMiner.XMRig, 1 x AgentTesla)
ssdeep 49152:YMWXWDNahuR7JmTqru3cJXNxDyfCDVYNd/0wZUGGa639KNg:YMwiYSHVYNSwZUhV3R
Threatray 4 similar samples on MalwareBazaar
TLSH T1B595332EEF519F14F0BBB03F011F3A13A4BE1D5BA14DFB2A85B92578E5B4865404DB88
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
135
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
f3288557c97b978eb4a011de328ed93f
Verdict:
Malicious activity
Analysis date:
2021-10-11 00:12:58 UTC
Tags:
trojan stealer vidar loader
Link:
https://app.any.run/tasks/82137b2d-8356-43b9-b91a-2ffcb47f2c24

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/197460/
Detection(s):
SecuriteInfo.com.Trojan.InjectNET.14.3934.31899.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Unauthorized injection to a system process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/6167efb9fd35fe780c3f8c0b/reports/578dbf1b-aa9e-4322-ad72-b6a3a34cbde0/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/41e5be8f-983f-4b74-b798-2ebc0dd5baf6
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/870297
Signature
Allocates memory in foreign processes
Creates a thread in another existing process (thread injection)
Multi AV Scanner detection for submitted file
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9c8590c7165b453dd0792be3cf51e200961a1ed9cf1154768ee86f7018db8fd9/
Threat name:
Win64.Trojan.Donut
Create hunting rule
Status:
Malicious
First seen:
2021-10-11 09:08:00 UTC
AV detection:
15 of 45 (33.33%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
2f8571d423e2af665fecf616c284491982acd4d3ab59a4ceb0790fa713266376
323a27a7f2a664921d46c965f0c8d5977fb6c8fce20ba04e208c2945b7abdbba
44e4f61a0d347cf7f59f8a1f545832b1ca375398f234feba4d0d06e4cb5031b3
7c7a666762a9ddf937c9cec874b597523bc0dd2ca10624db4f1c72430462a60e
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/211014-ksrmdsgfek/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
9c8590c7165b453dd0792be3cf51e200961a1ed9cf1154768ee86f7018db8fd9
MD5 hash:
13003cbfb6d2adfeea85952f8172c4f7
SHA1 hash:
e5ef2dd654b50ed7be455cbe7aaabaa7acaedc80
Link:
https://www.unpac.me/results/341db187-d479-4aca-81b0-a959bacf0a05/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/9c8590c7165b/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.10
Link:
https://yomi.yoroi.company/submissions/9c8590c7165b453dd0792be3cf51e200961a1ed9cf1154768ee86f7018db8fd9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 9c8590c7165b453dd0792be3cf51e200961a1ed9cf1154768ee86f7018db8fd9

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1676498/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/197460/

Comments