MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a9ecdf87c4aaaf8b3ff46a06471db127ccbc48eb0d340eb299416a66b7733e89. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a9ecdf87c4aaaf8b3ff46a06471db127ccbc48eb0d340eb299416a66b7733e89
SHA3-384 hash: 0a653828e3227e4cf5b6ed412d64aa0b4d624465d1b585db8bda77cf86d13153ec9b6d0c0eceeee666b2291c5aaa3748
SHA1 hash: 5c094dd0e32b90ae42ea3404666580610c655435
MD5 hash: adef37681905e04914e5cd9e4ce156e0
humanhash: grey-johnny-green-oregon
File name:a9ecdf87c4aaaf8b3ff46a06471db127ccbc48eb0d340eb299416a66b7733e89
Download: download sample
File size:207'360 bytes
First seen:2020-11-14 18:09:45 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1c7ab0e4c183931415ff18e5405878d9 (2 x ZeuS)
ssdeep 3072:oZ1MZbzSx8vhDVgfq/LVWfQm0cXE9lr3Nh7JYoONRNGKtKTkAVVeYaiXpdG:o3ybex81X/L0fQQ09lr9vGNGOKQ+SCo
Threatray 4 similar samples on MalwareBazaar
TLSH A914236CFE89DC2CCF7AA2731210C7D844BFD74495909BDAC2DCC15AA93A9659C1DC0B
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.EncPk-ABF.23660.18941.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/534977
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a9ecdf87c4aaaf8b3ff46a06471db127ccbc48eb0d340eb299416a66b7733e89/
Threat name:
Win32.Trojan.Zeus
Create hunting rule
Status:
Malicious
First seen:
2020-11-14 18:11:35 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
077c87d4fef3f9c93485d04bebcfc01bd976f76c93b165a8b02a35545aa41436
4c850cfff31192c9f8439e0b9e4127d0b419c9909d2c85e7e99a5bb0115db3c9
4e49f5147939257640ba4990f520c9dbe355c83b73d9deadfc8505c4a09f931d
94c9336a6e056520105481a9082e7e84c8a98a794a06b037c573bd9efc9df809
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/201114-a38gznk6z2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
a9ecdf87c4aaaf8b3ff46a06471db127ccbc48eb0d340eb299416a66b7733e89
MD5 hash:
adef37681905e04914e5cd9e4ce156e0
SHA1 hash:
5c094dd0e32b90ae42ea3404666580610c655435
Link:
https://www.unpac.me/results/45c12f5d-f384-4fca-8d49-3cbca749aa75/
SH256 hash:
4f571654a501adf6dfe82751a3e32e844689ed389b0639f911717fc457040697
MD5 hash:
4713e95eb7bad38d4a6040cf4f907990
SHA1 hash:
d9cbac013b98d96aa671b79aa8d885e8b3eabd41
Link:
https://www.unpac.me/results/45c12f5d-f384-4fca-8d49-3cbca749aa75/
SH256 hash:
640fdc1f640cc042ae53e175e77c9b3a3fd0a69a99e1f27befb54a2a500241c1
MD5 hash:
45d236a9fdd6718bdba9dff9d6dee77c
SHA1 hash:
bdf584d504f4b0d93cb5469dd6252da58398bd63
Link:
https://www.unpac.me/results/45c12f5d-f384-4fca-8d49-3cbca749aa75/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Zbot
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a9ecdf87c4aaaf8b3ff46a06471db127ccbc48eb0d340eb299416a66b7733e89

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:suspicious_packer_section
Create hunting rule
Author:@j0sm1
Description:The packer/protector section names/keywords
Reference:http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments