MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b05a3383d846cfb3c60eb9d4c494964e15defc9fc767263be629913240b42353. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b05a3383d846cfb3c60eb9d4c494964e15defc9fc767263be629913240b42353
SHA3-384 hash: 9e47b129ab98dc9490e35afc623ec8e34c0709b35bad3a6c2639a49576fe13792c961c44664e5a1e14faec761b372316
SHA1 hash: 10333d742c97d9f990a80c773c02cc62123b0557
MD5 hash: 9a0b42f13cf2355c61f0353599f286ad
humanhash: red-crazy-beryllium-uranus
File name:b05a3383d846cfb3c60eb9d4c494964e15defc9fc767263be629913240b42353
Download: download sample
File size:626'176 bytes
First seen:2020-06-17 09:17:27 UTC
Last seen:2020-06-17 09:42:17 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 671c7f325791e6db2f291845aadad7e5
ssdeep 12288:gSomyUhbE/rEzJhnZkIvqZaQXCM5rRzWLGwjcMzYS+5VLtYOtzXOZa2bL2HtvrR:gNmy+Y/wddZxvhZydkRjT5WtYOBIa2ba
Threatray 199 similar samples on MalwareBazaar
TLSH E8D423859B904417F4D1F8309F6E81CF5D748CAE8949C3B2FEB520EF8A5B5A1D883587
Reporter JAMESWT_WT

Intelligence

File Origin
# of uploads :
2
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/19295/
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.BlackMoon
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 18:03:00 UTC
File Type:
PE (Exe)
Extracted files:
17
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
2514f7c0a5815b1208a348e078fe32cdff4e00bb7bf0298f7e8ad85312ec76da
3016eacec1bd033e76ea07a84a8eb04c9e069cd1700e9162e2479ba9bcfa2387
4567d8265b3dec803dfa668da8045b70df22802447b48f385fc4eab009648c4c
5dea44a2d2fc0b39ac006a205011b1fe30ef15ad69536f263ced6423a8280a1d
5ef93b76b923b5e541eab0060d613166f92d4571dc5fede5109fc501bd78b050
7d56b15beb55a2a77afce882394f2ca64a5477ae0ba35536309b19a785d688d3
9ee229fcd77b94c87652d669cbcc05ad0966f2aa8a51e555e33ff5d990b87d3a
bb10d53967d703dd945777d9b9b38e03bd3c90fa77e68e7082678a9b02b40235
f6d53e15abbb9743eabf99eb208843494ba8092d426e253ff96bf00b6271c068
fb8aef0f4faaf86fed3ed65eb84b8a1a5b3a50605e5f4e6f341de33e898d3775
+ 189 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200624-543jsbcdg6/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/19295/

Comments