MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a62827d89a7c64c0a93f419fc55a00f70c95759bbf39edeb9a5e7ab60b524914. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a62827d89a7c64c0a93f419fc55a00f70c95759bbf39edeb9a5e7ab60b524914
SHA3-384 hash: 9f1d93ebbafd98e3171296b4d519b8f660b85ede7fb8cb379bba879913c6e6367650155062058260fc5c133ee852e955
SHA1 hash: 1b5e3d19495e46ae92169398d01176cd3b59b894
MD5 hash: 0103d36de2702e7249ee2bf5a7e3bd52
humanhash: diet-cardinal-winter-aspen
File name:SecuriteInfo.com.Trojan.Ciusky.Gen.6.28782.16819
Download: download sample
File size:1'672'249 bytes
First seen:2022-05-11 09:49:17 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b4070734502a100c8f90bbd445995533 (11 x CryptOne, 5 x DCRat, 2 x njrat)
ssdeep 49152:4u4miow9L9XSbO72ZQki+EWOK5GHile0kd:4u4HL4Za+x5GHiIxd
Threatray 1'164 similar samples on MalwareBazaar
TLSH T1C8759C057E70416BC91E36B38D12CF927CBD6C98EE2D6D86F26A1507C77C360A91AE43
TrID 91.0% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39)
3.6% (.EXE) Win64 Executable (generic) (10523/12/4)
1.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.5% (.EXE) Win32 Executable (generic) (4505/5/1)
0.6% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
245
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/269651/
Detection(s):
SecuriteInfo.com.Trojan.Ciusky.Gen.6.28782.16819.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Sending a custom TCP request
Launching a process
Creating a window
Searching for the window
Сreating synchronization primitives
Searching for synchronization primitives
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/17114/overview
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware overlay packed setupapi.dll shdocvw.dll shell32.dll update.exe
Link:
https://www.filescan.io/uploads/627b86e391db101969cc4821/reports/f8a7c4eb-1891-4a7c-a679-3638dff0be71/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1acf00c8-60a0-42f5-a505-c208da33230a
Result
Threat name:
Unknown
Detection:
clean
Classification:
n/a
Score:
8 / 100
Link:
https://www.joesandbox.com/analysis/991743
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a62827d89a7c64c0a93f419fc55a00f70c95759bbf39edeb9a5e7ab60b524914/
Threat name:
Win32.Trojan.Ciusky
Create hunting rule
Status:
Malicious
First seen:
2022-05-11 10:16:47 UTC
AV detection:
11 of 26 (42.31%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
02fb1251acee80ba75a46ec46d3722dbfad5531df786601c9a46e12a24240071
1934ca02e1627b6127c65310ffe6be91e216d53bfa4b90d0fe5ec4912c17e4cd
3e7cf8b2e3f6d13ecfccc5eb1cfb57dfe12303e3315500cecf37f53687a3c784
4fc7f1f57853c21506349c98a90fce183a1e68509ea78fbea79e22c13bec4ad2
5c729dcf3f65f1a27e00e7597b5c8897d59c191dc0649718c46cc503abe88148
b9738738d885cb91e88c24692c61f6c1459992420a01bc061239d682cc7eabf6
df70e51b8184f55f8c2ead6b202814b71417b0986aa71a56b5d1dd07275f084e
+ 1'154 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/220511-ltxqgagce5/
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Loads dropped DLL
Unpacked files
SH256 hash:
a62827d89a7c64c0a93f419fc55a00f70c95759bbf39edeb9a5e7ab60b524914
MD5 hash:
0103d36de2702e7249ee2bf5a7e3bd52
SHA1 hash:
1b5e3d19495e46ae92169398d01176cd3b59b894
Link:
https://www.unpac.me/results/f93c04c9-f7c8-4160-829f-20c624afe0cc/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a62827d89a7c64c0a93f419fc55a00f70c95759bbf39edeb9a5e7ab60b524914

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe a62827d89a7c64c0a93f419fc55a00f70c95759bbf39edeb9a5e7ab60b524914

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/269651/
  
URLhaus
https://urlhaus.abuse.ch/url/2189476/
  
Delivery method
Distributed via web download

Comments