MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bc2d5417a6bf47d53c20c280f6e4b1a3e00dc0b6bbd3e26b2e591fd2f2dc4cc3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: bc2d5417a6bf47d53c20c280f6e4b1a3e00dc0b6bbd3e26b2e591fd2f2dc4cc3
SHA3-384 hash: b32e5768cb7d8c8796b1e1db2285edbc74723be585c21bf16dfff1b1d550ac55e123c5a54aa1196722f773bf457770e3
SHA1 hash: 820fcb951d1ac8c2fda1a1ae790f52eb1f8edf2e
MD5 hash: 444439bc44c476297d7f631a152ce638
humanhash: happy-hot-lion-bulldog
File name: SecurityTaskManager_Setup.bin
File size: 3'013'536 bytes
First seen: 2021-09-14 16:44:53 UTC
Last seen: 2025-01-24 03:56:57 UTC
File type: Executable exe
MIME type:application/x-dosexec
imphash 60f2858f8c859062bd16000a4cb2a2ed
ssdeep 49152:4s+HgXcROcfipeyNcRmyQLCUOE+N+2JLKmltavtaKhGiD79l+90U:4s+9ROcapelxQLGEjscg6939l+V
Threatray 1'220 similar samples on MalwareBazaar
TLSH T1E0D5331374F2C0F3E6A15F701461C9A64FF8BD625639A947DBE802CD2A61741E2363BB
dhash icon e4c4c7c6ccc4d840
Reporter Anonymous
Tags: exe

Intelligence


File Origin
# of uploads: 4
# of downloads: 114
Origin country: n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
pikin.exe
Verdict:
Malicious activity
Analysis date:
2020-01-26 16:19:33 UTC
Tags:
keylogger hawkeye evasion trojan stealer

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% subdirectories
Creating a process from a recently created file
Creating a process with a hidden window
Searching for the window
Verdict:
Suspicious
Threat level:
5/10
Confidence:
100%
Tags:
packed
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
spyw
Score:
28 / 100
Signature
Installs a global get message hook
Installs a global keyboard hook
PE file has nameless sections
Tries to harvest and steal browser information (history, passwords, etc)
Result
Malware family:
n/a
Score:
8/10
Tags:
n/a
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Loads dropped DLL
Executes dropped EXE
Unpacked files
SHA256 hash:
30620c01328c64a13f1fed0ba3d5a8faa8f6123269ace358fda8e83b308e93b0
MD5 hash:
557d5af205f6b5972d5354a199267791
SHA1 hash:
8a2580abfcaf54007bf578aa4af08fd1d9dcd1af
SHA256 hash:
bc2d5417a6bf47d53c20c280f6e4b1a3e00dc0b6bbd3e26b2e591fd2f2dc4cc3
MD5 hash:
444439bc44c476297d7f631a152ce638
SHA1 hash:
820fcb951d1ac8c2fda1a1ae790f52eb1f8edf2e
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.