MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a4fb20b15efd72f983f0fb3325c0352d8a266a69bb5f6ca2eba0556c3e00bd15. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: a4fb20b15efd72f983f0fb3325c0352d8a266a69bb5f6ca2eba0556c3e00bd15
SHA3-384 hash: a89279469e42969217cbd237d1e8f1e0539b8c45431a577ccaad0074a0f0afdc9b5ea139226acb27cc2173a40b94f9cd
SHA1 hash: 3b3acb4a55ba8e2da36223ae59ed420f856b0aaf
MD5 hash: ae17ce1eb59dd82f38efb9666f279044
humanhash: undress-fish-maryland-two
File name: a4fb20b15efd72f983f0fb3325c0352d8a266a69bb5f6ca2eba0556c3e00bd15
File size: 31'555'072 bytes
First seen: 2021-01-30 12:57:27 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 28a916d6b78a382785a15f19983c52ea
ssdeep: 3072:iPeWvEMw6DUooTpnWsvkfQXBQ2MrNOzVAfrrBD7:ww67oT4H4L+p
Threatray: 5 similar samples on MalwareBazaar
TLSH: 2967002991E3BE97EBB941246779CE0261B274C8A33BCD2F9D38287565331404E9E53F
Reporter: JAMESWT_WT
Tags: ZINC ZINC attacks against security researchers

Intelligence


File Origin
# of uploads: 1
# of downloads: 158
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: a4fb20b15efd72f983f0fb3325c0352d8a266a69bb5f6ca2eba0556c3e00bd15
Verdict: No threats detected
Analysis date: 2021-01-27 16:54:51 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
DNS request
Sending a UDP request
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Behavior Graph ID: 344676; Sample: i7osamUvE3; Startdate: 26/01/2021; Architecture: WINDOWS; Score: 52
Signatures: Multi AV Scanner detection for submitted file; Machine Learning detection for sample
DNS/IP: cdn.onenote.net
Processes: loaddll64.exe started two rundll32.exe processes; one rundll32.exe started WerFault.exe
Threat name: Win64.Trojan.ComeBacker
Status: Malicious
First seen: 2021-01-21 07:57:36 UTC
File Type: PE+ (Dll)
Extracted files: 2
AV detection: 21 of 29 (72.41%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
