MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c42183cfccb111e02dd15b97aafdbc5c5ac409374c2f1e469195470b929741ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 2



SHA256 hash: c42183cfccb111e02dd15b97aafdbc5c5ac409374c2f1e469195470b929741ce
SHA3-384 hash: 8ed236a18826b2f38a640750725a0b1ab2bea0dc5e7ecfed6c40779963533e89f04e477899df0b936c45c1401e4c0561
SHA1 hash: c2e93fb2ca36c9560ac5dcb4070b8db1a55e0245
MD5 hash: 2d8d290af0f945a5f17428c2d2f186ef
humanhash: charlie-may-nine-seven
File name: SecuriteInfo.com.CLASSIC.11784
File size: 135'168 bytes
First seen: 2020-06-02 19:31:57 UTC
Last seen: Never
File type: Microsoft Software Installer (MSI) msi
MIME type: application/x-msi
ssdeep: 1536:nEG/SPfxV40U04WkgrKHxLdGKc+o0FDHdZ1gI+JZV3063EF+N:nEGqPXtPKVdhjFD9ziJHtN
TLSH: 79D36A03FD4D8563C1448BBD2C569E792A1DBD080D402BEFB6B57F9BAE312412CA725E
Reporter: SecuriteInfoCom

Intelligence


File Origin
# of uploads: 1
# of downloads: 57
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-02 18:14:40 UTC
File Type: Binary (Archive)
Extracted files: 22
AV detection: 15 of 31 (48.39%)
Threat level: 2/5
Result
Malware family: n/a
Score: 8/10
Tags: macro persistence
Behaviour
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Drops file in Windows directory
Modifies service
Suspicious use of NtSetInformationThreadHideFromDebugger
Enumerates connected drives
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Microsoft Software Installer (MSI) msi c42183cfccb111e02dd15b97aafdbc5c5ac409374c2f1e469195470b929741ce (this sample)
Delivery method: Distributed via web download
