MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 abe3031332bae1f6a27965882c14a88f740514103b8532f2fb41ccc925879e59. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: abe3031332bae1f6a27965882c14a88f740514103b8532f2fb41ccc925879e59
SHA3-384 hash: 28e7a93c7154c74c611345d3e55ee6c0e0733f05f73294153b2c9f0a6d3e337e274d18c9b691067d0479d4d033a1b94d
SHA1 hash: 53774f59471c425057a354ce23ecefe23618d17f
MD5 hash: b0682218a47029c11fcc837f2cd93be4
humanhash: sink-cold-asparagus-ten
File name:abe3031332bae1f6a27965882c14a88f740514103b8532f2fb41ccc925879e59
Download: download sample
File size:1'997'336 bytes
First seen:2020-06-29 07:09:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 2e5467cba76f44a088d39f78c5e807b6 (131 x DCRat, 112 x njrat, 79 x RedLineStealer)
ssdeep 24576:OucZydfaOmJq+u+7Yx7BXkRQiEwydCeOx+6TMYMF87n7ctdN7Lit+vknncO5ZIm+:OruS95UbiQihx+6E87nQt//Pknd5mucP
TLSH FD9533993E8E9CEED7910CB490A089037BA15CB79302E49A4DDDE1D5ECE05BF107D9AC
Reporter JAMESWT_WT

Code Signing Certificate

Organisation:GlobalSign Timestamping CA - G2
Issuer:GlobalSign Root CA
Algorithm:sha1WithRSAEncryption
Valid from:Apr 13 10:00:00 2011 GMT
Valid to:Jan 28 12:00:00 2028 GMT
Serial number: 0400000000012F4EE152D7
Intelligence: 12 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: C977923C771E1A66C925A2B6F501732E678DC9887AFE6BFAAC039D1D9A71F0EC
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/15476/
Detection(s):
PUA.Win.Packer.EnigmaProtector-19
Create hunting rule

PUA.Win.Packer.EnigmaProtector-1
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/abe3031332bae1f6a27965882c14a88f740514103b8532f2fb41ccc925879e59/
Threat name:
Win32.Trojan.Vasal
Create hunting rule
Status:
Malicious
First seen:
2020-06-29 01:36:24 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
30 of 48 (62.50%)
Threat level:
  5/5
Verdict:
unknown
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware
Link:
https://tria.ge/reports/200629-gqzmc9wz3x/
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Drops file in Windows directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Looks up external IP address via web service
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/15476/

Comments