MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c2a307a15f392b72cc51b12a1061c6ad7a2e76843754ee3d2e7b8ba0bc17e540. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c2a307a15f392b72cc51b12a1061c6ad7a2e76843754ee3d2e7b8ba0bc17e540
SHA3-384 hash: 5463e9fec50daab3b7dfa25bae66d5ca86addc052059c0a30c9423c57bf123de6f5324c693bcd6288bb1e3766fc70c60
SHA1 hash: 7ecb58aa7555b3a738e2e171609f5992777b314a
MD5 hash: c2c3728011504054471bfb4ea6293163
humanhash: wisconsin-burger-black-kentucky
File name:SecuriteInfo.com.Win32.Packed.Enigma.EY.2095
Download: download sample
File size:8'469'504 bytes
First seen:2020-06-14 10:45:29 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c0258905aea7340f593784cb31a64926 (1 x CryptoBot)
ssdeep 196608:HAk9Vw1UIJIUUsy5Rm7ozAk3V7RPnPfcVF+1k5+yxbVxBE470ExOtBv:HACVj0IoYmi3fKQ1C+EbVs4jx4
Threatray 37 similar samples on MalwareBazaar
TLSH 5E863317A919DA09FA1C0EBF269320169911A4BCC663A92DCF7BB440E770DFE16DC4D3
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Predatorthethief
Create hunting rule
Link:
https://www.capesandbox.com/analysis/10169/
Detection(s):
SecuriteInfo.com.Win32.Packed.Enigma.EY.2095.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Ymacco
Create hunting rule
Status:
Malicious
First seen:
2020-06-14 10:38:47 UTC
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
15fca9cc94b9a0632fe98a3a15e0c75d1f3ff2ce42a47d7b9d76217ca4bfca05
2b6160a9720ed2cf3b818dafc81e4f092111d4df2e0db161b994b39a5ceb78f3
346fdff8d24cbb7ebd56f60933beca37a4437b5e1eb6e64f7ab21d48c862b5b7
3d990368ceffb435fd2163b10b1b463152d387967de24bd154b627ede96a0326
52e5077f573fa1bad88627d62d9609ca40b463f3a3762209da7f65ae43bc8582
991c4166a2246ca5ae9186a1e747f5eb767fdbd304dbfa1c5f4a2019cb6b4aec
b78996718e94fe9cf9cc228f474b774fd7bd54133762d183ba2e6c141b3a218a
cf5a86737ab13ec2ea858e0d7c635c3a3c79d1deda05e79a81dd1b470dcb0942
ec837014dcb222fd3780d0730e297c9a09786cc57a42a9da092c9199c1f9660b
fb98989e3e598841af7312f2d7eb011d9dafcd031caf39e39e7208ba37590ad5
+ 27 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
discovery spyware
Link:
https://tria.ge/reports/201109-yfnj752mj2/
Behaviour
Checks processor information in registry
Modifies system certificate store
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
ServiceHost packer
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:MAL_Unknown_PWDumper_Apr18_3
Create hunting rule
Author:Florian Roth
Description:Detects sample from unknown sample set - IL origin
Reference:Internal Research
Rule name:with_sqlite
Create hunting rule
Author:Julian J. Gonzalez <info@seguridadparatodos.es>
Description:Rule to detect the presence of SQLite data in raw image
Reference:http://www.st2labs.com

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe c2a307a15f392b72cc51b12a1061c6ad7a2e76843754ee3d2e7b8ba0bc17e540

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/389783/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/10169/

Comments