MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a1bf9a7b8d6dd555ea81443658567d3d5cd91cdf57ccdbaf9557db1531349f64. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: a1bf9a7b8d6dd555ea81443658567d3d5cd91cdf57ccdbaf9557db1531349f64
SHA3-384 hash: f7989d9885cefec271b6b1d4c743ce1b91cc8c1750a2aedb00fa4045423672b31c58bf2d399645fbb3a5b4cb2bdc1bdc
SHA1 hash: 468cc15e755e368bc56c779ac801a95dffd6c4a9
MD5 hash: 17e2541126192fb39fcfd63c4ea3308a
humanhash: november-grey-oven-west
File name: SecuriteInfo.com.Trojan.GenericKD.43569931.17547.14217
Signature n/a
File size: 544'256 bytes
First seen: 2020-08-01 19:34:21 UTC
Last seen: 2020-08-02 07:34:25 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep 12288:iAYAE01TYDhqSKbR6j1HpTtipkYbkZB6p7zuL:t/EcYFjKbR6hHpTti
TLSH 85C49F047B50E50EC6AF8F7ACAD44810EDB8F99A4A17E38774C137EF18CE36AA901575
Reporter @SecuriteInfoCom
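Before trusting a copy of this sample pulled from a mirror or an internal share, a practitioner recomputes the digests above and compares them with the entry; SHA256 is the key MalwareBazaar identifies the sample by, and a matching SHA256 with a disagreeing MD5 or SHA1 would point at a transcription error rather than a different file. The following is an added example, not code from MalwareBazaar or from the reporter; it uses only the Python standard library, reads the file once for all four digests, and copies the hash values and size from the entry. imphash, ssdeep and TLSH need third-party bindings (imphash via pefile, for instance) and are not reproduced here. The function and constant names are the example's own.

```python
import hashlib
import os
from typing import Dict, Iterable

# Hashes and size copied from the MalwareBazaar entry above.
ENTRY_HASHES = {
    "sha256": "a1bf9a7b8d6dd555ea81443658567d3d5cd91cdf57ccdbaf9557db1531349f64",
    "sha3_384": "f7989d9885cefec271b6b1d4c743ce1b91cc8c1750a2aedb00fa4045423672b31c58bf2d399645fbb3a5b4cb2bdc1bdc",
    "sha1": "468cc15e755e368bc56c779ac801a95dffd6c4a9",
    "md5": "17e2541126192fb39fcfd63c4ea3308a",
}
ENTRY_SIZE = 544256  # bytes, "544'256" on the entry

# hashlib constructor names for the four digests the entry lists.
ALGORITHMS = {"sha256": "sha256", "sha3_384": "sha3_384", "sha1": "sha1", "md5": "md5"}


def hash_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hashers in a single pass and return hex
    digests keyed like ENTRY_HASHES. One pass matters for large samples: the
    data is read once, not once per algorithm."""
    hashers = {name: hashlib.new(algo) for name, algo in ALGORITHMS.items()}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for an in-memory buffer."""
    return hash_chunks([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file from disk in chunk_size pieces (default 1 MiB)."""
    with open(path, "rb") as fp:
        return hash_chunks(iter(lambda: fp.read(chunk_size), b""))


def check_against_entry(digests: Dict[str, str], size: int,
                        entry_hashes: Dict[str, str] = ENTRY_HASHES,
                        entry_size: int = ENTRY_SIZE) -> Dict[str, bool]:
    """Compare computed digests and size with the entry. Returns one bool per
    field plus "all". Hex case is normalised because portals and local tools
    do not agree on it."""
    result = {name: digests.get(name, "").lower() == expected.lower()
              for name, expected in entry_hashes.items()}
    result["size"] = size == entry_size
    result["all"] = all(result.values())
    return result


def verify_file(path: str) -> Dict[str, bool]:
    """Hash a local file and check every field against the entry."""
    return check_against_entry(hash_file(path), os.path.getsize(path))


if __name__ == "__main__":
    import sys
    for field, ok in verify_file(sys.argv[1]).items():
        print(f"{field:9s} {'match' if ok else 'MISMATCH'}")
```

Run it as `python verify.py path/to/sample.exe`; anything other than a full set of matches means the local copy is not the file this entry describes, whatever its name says.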

Intelligence


File Origin
# of uploads: 2
# of downloads: 21
Origin country: US
Mail intelligence: No data
Vendor Threat Intelligence
Result
Verdict: Malware
Behaviour
Sending a UDP request
Creating a window
Unauthorized injection to a recently created process
Creating a file
Launching a process
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 60 / 100
Signature
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AntiVM_3
Behaviour
Behavior Graph (ID: 255673; sample: SecuriteInfo.com.Trojan.Gen...; start date: 01/08/2020; architecture: WINDOWS; score: 60)

Signatures on the sample: Yara detected AntiVM_3; Machine Learning detection for sample; Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Process tree:
SecuriteInfo.com.Trojan.GenericKD.43569931.17547.exe (started)
    dropped file: SecuriteInfo.com.T...69931.17547.exe.log, ASCII
    signature: Injects a PE file into a foreign processes
    SecuriteInfo.com.Trojan.GenericKD.43569931.17547.exe (second instance, started)
        powershell.exe (started)
            conhost.exe (started)
        powershell.exe (started)
            conhost.exe (started)
        powershell.exe (started)
            conhost.exe (started)
        10 other processes
            conhost.exe (started, 3 instances)
            7 other processes
    SecuriteInfo.com.Trojan.GenericKD.43569931.17547.exe (third instance, started)
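The shape of that graph, the binary relaunching its own image and the new copy fanning out into several powershell.exe instances, is something a detection engineer can look for in process-creation telemetry independently of this sample's hashes. The following is an added example, not code from the sandbox vendor or from MalwareBazaar: it reconstructs a process tree from a constructed list of Sysmon-style events (pid, ppid, image; the pids and paths are invented, only the parent/child shape and image names follow the graph above) and flags a parent whose same-image child starts at least three shell interpreters, while leaving a benign cmd.exe-to-powershell.exe pair alone. Function names and thresholds are the example's own choices.

```python
from collections import defaultdict
from typing import Dict, List

# Constructed process-creation events (Sysmon Event ID 1 style). The pids
# are invented; images and parent/child shape mirror the behaviour graph:
# the sample relaunches its own binary, the copy starts several
# powershell.exe processes, each of which gets a conhost.exe.
SAMPLE = r"C:\Users\lab\SecuriteInfo.com.Trojan.GenericKD.43569931.17547.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CONHOST = r"C:\Windows\System32\conhost.exe"

EVENTS = [
    {"pid": 100, "ppid": 1,   "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": SAMPLE},   # initial run of the sample
    {"pid": 201, "ppid": 200, "image": SAMPLE},   # second instance (the injected copy)
    {"pid": 202, "ppid": 200, "image": SAMPLE},   # third instance, no children
    {"pid": 300, "ppid": 201, "image": PS},
    {"pid": 301, "ppid": 201, "image": PS},
    {"pid": 302, "ppid": 201, "image": PS},
    {"pid": 400, "ppid": 300, "image": CONHOST},
    {"pid": 401, "ppid": 301, "image": CONHOST},
    {"pid": 402, "ppid": 302, "image": CONHOST},
    # Benign control: an operator's cmd.exe running one PowerShell; must not fire.
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 501, "ppid": 500, "image": PS},
]


def basename(path: str) -> str:
    """Lower-cased file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()


def build_tree(events):
    """Return (image-by-pid, children-by-pid) maps from a flat event list."""
    image: Dict[int, str] = {}
    children: Dict[int, List[int]] = defaultdict(list)
    for e in events:
        image[e["pid"]] = e["image"]
        children[e["ppid"]].append(e["pid"])
    return image, children


def find_self_spawn_fanout(events, shell: str = "powershell.exe", min_children: int = 3):
    """Flag a process that launches a second copy of its own image when that
    copy then starts at least min_children instances of `shell`. A self-spawn
    alone is common (updaters, elevation helpers); the fan-out into script
    interpreters is what makes this shape worth a look."""
    image, children = build_tree(events)
    findings = []
    for e in events:
        parent = e["pid"]
        for child in children.get(parent, []):
            if image[child].lower() != image[parent].lower():
                continue  # not a relaunch of the same binary
            shells = [c for c in children.get(child, []) if basename(image[c]) == shell]
            if len(shells) >= min_children:
                findings.append({"parent": parent, "child": child,
                                 "shells": shells, "image": image[parent]})
    return findings


if __name__ == "__main__":
    for f in find_self_spawn_fanout(EVENTS):
        print(f"pid {f['parent']} relaunched itself as pid {f['child']}, "
              f"which started {len(f['shells'])} shells: {f['image']}")
```

The threshold of three is tuned to this graph; on real telemetry it is worth pairing the shape with the API-level signals the vendors list further down (WriteProcessMemory and SetThreadContext on the child), since those are what distinguish a hollowed copy from a plain restart.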
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-31 01:22:00 UTC
AV detection: 21 of 31 (67.74%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Windows security modification
Contains code to disable Windows Defender
Modifies Windows Defender Real-time Protection settings

File information


Additional information about this malware sample, such as delivery method and external references:

Sample: Executable exe a1bf9a7b8d6dd555ea81443658567d3d5cd91cdf57ccdbaf9557db1531349f64 (this sample)
Delivery method: Distributed via web download
