MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a399a577164bba13568d68d4ad05c4a2a6eda71bc97e5f1edb5462371330473f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a399a577164bba13568d68d4ad05c4a2a6eda71bc97e5f1edb5462371330473f
SHA3-384 hash: c75c909a532aada6f2b3f7b59a759626829f87f8d5db71e8115cec8bb4a842752707347e80e9498579ac3e88c5a8c6cd
SHA1 hash: 60adf7aaa0d3c0827792016573d53d4296b21c18
MD5 hash: 1f877b8498c53879d54b2e0d70673a00
humanhash: burger-oven-alabama-maine
File name:a399a577164bba13568d68d4ad05c4a2a6eda71bc97e5f1edb5462371330473f
Download: download sample
File size:28'672 bytes
First seen:2020-03-23 18:47:23 UTC
Last seen:2024-01-13 05:32:31 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 87bed5a7cba00c7e1f4015f1bdae2183 (3'034 x Jadtre, 23 x IcedID, 17 x Blackmoon)
ssdeep 768:UsR49nbSap66X4BIDQcY6EYH4iEy9smoikB:gFX4Bp6vzsp/
Threatray 1'360 similar samples on MalwareBazaar
TLSH 49D2F10CE60AB339D874ABB0A4ED1B82985B431C5E694C0FF44575F0AF73F1E95A88D1
Reporter Marco_Ramilli
Tags:exe

Intelligence

File Origin
# of uploads :
4
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Packed.kkrunchy-7049457-1
Create hunting rule

PUA.Win.Packer.Kkrunchy-5
Create hunting rule

PUA.Win.Packer.Kkrunchy-1
Create hunting rule

PUA.Win.Packer.Kkrunchy-2
Create hunting rule

PUA.Win.Packer.Kkrunchy-8
Create hunting rule

PUA.Win.Packer.Krunchy-5
Create hunting rule

Win.Trojan.Genome-7559
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Dssdetection
Create hunting rule
Status:
Malicious
First seen:
2011-06-16 14:36:00 UTC
File Type:
PE (Exe)
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Verdict:
unknown
Similar samples:
0c1b69e790eb0b0bdec1b75842a5954b7ef3f824d07bc76262e270e6ab67aea2
2d7235934b285f05f59449964d59e48f2864a1cfd009f859de18d182ec49279f
4926b96164fb60d873073e001df509423e2935bea931191f26a938ebc1425629
53aea080cd433c61d90184c531d36de3d0f82649579997dce665f8f3f80039dc
75fe674bd8fac11a34e7f7b637f66d3aae066e0b78bff304d3c4f21db391c9b8
77a9652b29e432e9a9bdf2698fc841b88153739300f329d39fc8ada898390539
b2fcca31796bd8b38cadccf730710c298c702ab07e24b5d90e691ea047395026
c17b7612a5cd7b21ca202a966406d24d7d42047f13ba6254c5ea284d7d4fc764
d0ea4f900f8488c932a1cfdbe0309553f9cc11f578fd17ef1a92447e02e5b042
d172a71154aa9f8859c5ae2271c0ba716e772a99a23273818bc9a1fe8ee1a5d2
+ 1'350 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe a399a577164bba13568d68d4ad05c4a2a6eda71bc97e5f1edb5462371330473f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/203153/
  
URLhaus
https://urlhaus.abuse.ch/url/203277/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
WIN_BASE_APIUses Win Base APIKERNEL32.DLL::LoadLibraryA

Comments