MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 adc220109f73acdd307036a6d14bffa68103a48e2305c3a4f1533aab74d9deb8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 8
| SHA256 hash: | adc220109f73acdd307036a6d14bffa68103a48e2305c3a4f1533aab74d9deb8 |
|---|---|
| SHA3-384 hash: | ef6c2a3fda73db00f2aa97e1fbbdd586b4397d0575e456d162903a7c0b8ec5ceee83480e43b151c1d9012715b64a90a3 |
| SHA1 hash: | abfc51fe7bc93d12d0d163b1f7fecae0a6a8e52e |
| MD5 hash: | 3e05cdc35f300de783fcb3dcd71e4970 |
| humanhash: | seven-beer-utah-wisconsin |
| File name: | adc220109f73acdd307036a6d14bffa68103a48e2305c3a4f1533aab74d9deb8 |
| Download: | download sample |
| File size: | 4'633'408 bytes |
| First seen: | 2020-12-29 05:51:16 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash: | baa93d47220682c04d92f7797d9224ce (139 x RiseProStealer, 26 x Xtrat, 18 x CoinMiner) |
| ssdeep: | 98304:ocHxAWpnC6vMjoGDn8d1LqiYErL63aTrmOjaL8SIOv9r:TiWpogdVg9l |
| Threatray: | 39 similar samples on MalwareBazaar |
| TLSH: | 61268DD2A40561DFC88E2774982BCD46AD5D0EF907190CC7A86CB57B7EB7CD1227AC28 |
| Reporter: | |
Code Signing Certificate
| Organisation: | Symantec Time Stamping Services CA - G2 |
|---|---|
| Issuer: | Thawte Timestamping CA |
| Algorithm: | sha1WithRSAEncryption |
| Valid from: | Dec 21 00:00:00 2012 GMT |
| Valid to: | Dec 30 23:59:59 2020 GMT |
| Serial number: | 7E93EBFB7CC64E59EA4B9A77D406FC3B |
| Intelligence: | 85 malware samples on MalwareBazaar are signed with this code signing certificate |
| Thumbprint Algorithm: | SHA256 |
| Thumbprint: | 0625FEE1A80D7B897A9712249C2F55FF391D6661DBD8B87F9BE6F252D88CED95 |
| Source: | This information was brought to you by ReversingLabs A1000 Malware Analysis Platform |
Note that the subject and issuer shown here (Symantec Time Stamping Services CA - G2, issued by Thawte Timestamping CA) name the intermediate CA of an Authenticode timestamp countersignature chain, not the end-entity certificate that signed the binary; the 85-sample count therefore groups samples that share this timestamping chain rather than a common signer. The certificate is SHA-1-signed and expired on Dec 30 2020, one day after this sample was first seen.
Intelligence
File Origin
| # of uploads: | 1 |
|---|---|
| # of downloads: | 146 |
| Origin country: | n/a |
Vendor Threat Intelligence
| Malware family: | n/a |
|---|---|
| ID: | 1 |
| File name: | 16x.exe |
| Verdict: | Malicious activity |
| Analysis date: | 2020-12-25 06:43:54 UTC |
| Tags: | n/a |
| Note: | ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample |
| Detection: | n/a |
Result
| Verdict: | Malware |
|---|---|
| Maliciousness: | |
Behaviour
Creating a window
Searching for the window
Creating a file
Enabling the 'hidden' option for recently created files
Sending a UDP request
Creating a file in the %AppData% directory
Running batch commands
Result
| Verdict: | MALICIOUS |
|---|---|
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
| Threat name: | Unknown |
|---|---|
| Detection: | malicious |
| Classification: | evad |
| Score: | 68 / 100 |
Signature
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect virtualization through RDTSC time measurements
Behaviour: behavior graph (image not included)
| Threat name: | Win32.Packed.Themida |
|---|---|
| Status: | Malicious |
| First seen: | 2020-12-25 23:38:17 UTC |
| File Type: | PE (Exe) |
| Extracted files: | 68 |
| AV detection: | 21 of 48 (43.75%) |
| Threat level: | 1/5 |
| Verdict: | malicious |
| Similar samples: | + 29 additional samples on MalwareBazaar |
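The static indicators listed above ("PE file contains section with special chars", "Detected unpacking (changes PE section rights)") and the Win32.Packed.Themida classification are the kind of findings a triage script can approximate from the PE section table alone. The following Python is an added example, not MalwareBazaar's or any vendor's code, and it has not been run against this sample: it parses the section table of a PE image it constructs in memory (the constructed headers are illustrative, not the sample on this page) and flags sections with non-printable names, write+execute rights, or no data on disk. The write+execute and empty-raw-data checks are static stand-ins that correlate with in-place runtime unpacking; they do not observe section rights actually changing at run time as a sandbox would.

```python
import struct

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Header layouts from the PE/COFF specification.
COFF_HEADER = "<HHIIIHH"         # Machine, NumberOfSections, TimeDateStamp, PtrSymTab, NumSyms, SizeOfOptionalHeader, Characteristics
SECTION_HEADER = "<8sIIIIIIHHI"  # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, relocs/linenums, Characteristics


def parse_sections(data: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table; return one dict per section."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    _, num_sections, _, _, _, size_opt, _ = struct.unpack_from(COFF_HEADER, data, coff_off)
    table_off = coff_off + struct.calcsize(COFF_HEADER) + size_opt
    sections = []
    for i in range(num_sections):
        f = struct.unpack_from(SECTION_HEADER, data, table_off + i * struct.calcsize(SECTION_HEADER))
        sections.append({"name": f[0].rstrip(b"\0"), "virtual_size": f[1],
                         "raw_size": f[3], "characteristics": f[9]})
    return sections


def triage_sections(data: bytes):
    """Return [(name, [reasons, ...]), ...]: static packer/unpacker indicators per section."""
    report = []
    for sec in parse_sections(data):
        reasons = []
        name, chars = sec["name"], sec["characteristics"]
        # "section with special chars": empty, non-printable or non-ASCII section names
        if not name or any(c < 0x20 or c > 0x7E for c in name):
            reasons.append("special characters in section name")
        # writable and executable: code is written into the section at run time (in-place unpacking)
        if chars & IMAGE_SCN_MEM_WRITE and chars & IMAGE_SCN_MEM_EXECUTE:
            reasons.append("section is writable and executable")
        # nothing on disk but a large virtual footprint: filled by the unpacking stub
        if sec["raw_size"] == 0 and sec["virtual_size"] > 0:
            reasons.append("no raw data but non-zero virtual size")
        report.append((name, reasons))
    return report


def looks_packed(data: bytes) -> bool:
    """Heuristic verdict: any single section carrying two or more of the indicators above."""
    return any(len(reasons) >= 2 for _, reasons in triage_sections(data))


def build_pe(sections):
    """Construct a minimal PE32 header in memory for testing (headers only, not a runnable executable)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))  # e_lfanew points just past the DOS header
    opt_size = 0xE0                               # size of a PE32 optional header, left zeroed here
    coff = struct.pack(COFF_HEADER, 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt_size)
    for name, vsize, rawsize, chars in sections:
        image += struct.pack(SECTION_HEADER, name, vsize, 0x1000, rawsize, 0, 0, 0, 0, 0, chars)
    return image


# Constructed layouts for the example; neither is derived from the sample on this page.
CLEAN_PE = build_pe([
    (b".text", 0x1000, 0x1000, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE),
    (b".data", 0x200, 0x200, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
])
PACKED_PE = build_pe([
    (b".text", 0x1000, 0x1000, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE),
    # garbage name, RWX, and no bytes on disk: the shape a runtime-unpacked section typically has
    (b"\x01.\x7f\xf0", 0x40000, 0, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE),
    (b".rsrc", 0x200, 0x200, IMAGE_SCN_MEM_READ),
])

if __name__ == "__main__":
    for label, image in (("clean", CLEAN_PE), ("packed", PACKED_PE)):
        print(label, looks_packed(image), triage_sections(image))
```

To use it on a real file, pass `open(path, "rb").read()` to `triage_sections`; the parser only needs the headers, so reading the first few kilobytes is enough. Treat the verdict as a triage hint rather than a classification: legitimate installers and some compilers also emit writable code sections.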
Result
| Malware family: | n/a |
|---|---|
| Score: | 9/10 |
| Tags: | evasion spyware |
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
JavaScript code in executable
Checks BIOS information in registry
Identifies Wine through registry keys
Loads dropped DLL
Reads user/profile data of web browsers
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Unpacked files
| SHA256 hash | MD5 hash | SHA1 hash |
|---|---|---|
| adc220109f73acdd307036a6d14bffa68103a48e2305c3a4f1533aab74d9deb8 | 3e05cdc35f300de783fcb3dcd71e4970 | abfc51fe7bc93d12d0d163b1f7fecae0a6a8e52e |
| 3d1a00246b914f0d5ebd95dc7cca1d62a954ef32d02092542c601e54c16c7647 | abaed85ce1dd68788b9291ed761a511a | 273bac8e3a106b24898bf8ce0382738c8a3aa66b |
| 19b4d189a73b79a73c2ddd678ed5ff7357d92494cf76a21372a58e3dce075d50 | e5e521468e2a9f9b314e06e29116b5a9 | 4044a4efd7998e8c4245e632b18056b089f0aa53 |
Please note that we are no longer able to provide a coverage score for Virus Total.
| Threat name: | Filecoder |
|---|---|
| Score: | 1.00 |
File information
The table below shows additional information about this malware sample such as delivery method and external references.