MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9ccb4ed133be5c9c554027347ad8b722f0b4c3f14bfd947edfe75a015bf085e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 9ccb4ed133be5c9c554027347ad8b722f0b4c3f14bfd947edfe75a015bf085e5
SHA3-384 hash: d9cbbc945bee46be8dc7a32a9fa38835db53075512b209ff3bd488e31f11b10d7bed03cdb0758bd047c4a0359b9842f3
SHA1 hash: 588f6b5a18943f19f6ac334c2b27b829321e1c1a
MD5 hash: 95504605bf08d6ffa7c58350cce56478
humanhash: maryland-delaware-colorado-oscar
File name: 9ccb4ed133be5c9c554027347ad8b722f0b4c3f14bfd947edfe75a015bf085e5
File size: 920'576 bytes
First seen: 2020-10-14 14:34:39 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 5f7ca61a772049e7c494c6c74d69484c
ssdeep: 12288:B5LvuvNSQGPjO0yJFnrt767KtnsInphRgB3auAoWuYr:BF2VGPjl4trts13auAru
Threatray: 6 similar samples on MalwareBazaar
TLSH: B515096EA66551F5C077C038D562712EE772F4B6033093EF9291963A3F63EE0A93A710
Reporter: JAMESWT_WT
Tags: Chinese APT RedDelta

Intelligence


File Origin
# of uploads: 1
# of downloads: 99
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
DNS request
Connection attempt
Creating a window
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 60 / 100
Signature
Detected unpacking (changes PE section rights)
PE file has a writeable .text section
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Threat name: Win64.Trojan.Casdet
Status: Malicious
First seen: 2020-09-12 19:49:10 UTC
File Type: PE+ (Exe)
Extracted files: 3
AV detection: 17 of 29 (58.62%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Modifies Internet Explorer settings
Modifies system certificate store
Suspicious use of SetWindowsHookEx
Executes dropped EXE
Unpacked files
SHA256 hash: 9ccb4ed133be5c9c554027347ad8b722f0b4c3f14bfd947edfe75a015bf085e5
MD5 hash: 95504605bf08d6ffa7c58350cce56478
SHA1 hash: 588f6b5a18943f19f6ac334c2b27b829321e1c1a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
