MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c2ef46a1b6292f28c0caf08013577e8559c4b0a71bf6fc058968061a3d71ede2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: c2ef46a1b6292f28c0caf08013577e8559c4b0a71bf6fc058968061a3d71ede2
SHA3-384 hash: 76baa7c054630daafbe15e1c81d6834e842ca1a8730086c95937714b4d33771ed8622274bcac9b88d104e2659b00ee2e
SHA1 hash: 4678e87a393fedeed58c2a151efef17e221b161f
MD5 hash: d9c32681d65c18d9955f5db42154a0f3
humanhash: gee-sierra-north-sad
File name: SecuriteInfo.com.Trojan.DnsChange.10846.3052.26773
File size: 38'400 bytes
First seen: 2020-08-05 14:35:17 UTC
Last seen: Never
File type: Executable exe
MIME type:application/x-dosexec
imphash: 7903fa9e19394d4ae30a6ee4d9f8af14
ssdeep: 768:uBjqgvACIryYcS8s3AslF+1kcyIFRg7zP1rMIo:ZCYrP+1kRIFRuPRMIo
Threatray: 10 similar samples on MalwareBazaar
TLSH: 7203F1DD6B085818E1530FB060B7028B0B19ED14E5DDB3B9FE6B4663CCB1D02FD5A292
Reporter: SecuriteInfoCom

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a UDP request
Sending an HTTP GET request to an infection source
Result
Threat name: Unknown
Detection: malicious
Classification: troj.evad
Score: 56 / 100
Signature
Machine Learning detection for sample
Uses known network protocols on non-standard ports
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Behaviour
Behavior Graph (ID: 258032; Sample: SecuriteInfo.com.Trojan.Dns...; Startdate: 05/08/2020; Architecture: WINDOWS; Score: 56):
SecuriteInfo.com.Trojan.DnsChange.10846.3052.exe started
  dnsIp: 23.236.69.114, 49738, 8114 ASIANETGB United States
  cmd.exe started
    dnsIp: 127.0.0.1 unknown unknown
    Signature: Uses ping.exe to sleep
    conhost.exe started
    PING.EXE started
    sc.exe started
  cmd.exe started
    conhost.exe started
    PING.EXE started
    sc.exe started
  conhost.exe started
Threat name: Win32.Trojan.Mirai
Status: Malicious
First seen: 2019-12-01 16:20:35 UTC
AV detection: 44 of 48 (91.67%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe c2ef46a1b6292f28c0caf08013577e8559c4b0a71bf6fc058968061a3d71ede2 (this sample)

Delivery method: Distributed via web download
