MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c55e08d6e6c2e023b5a43da121e84f62ee770c3d1fe4b708189a80838c337946. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat: unknown

Vendor detections: 6

SHA256 hash: c55e08d6e6c2e023b5a43da121e84f62ee770c3d1fe4b708189a80838c337946
SHA3-384 hash: 70f2bf3e64fb0077e15e36b9f943399503235887e200a89172afda44b52c2feafcf7841a8343a88a2bbb82d3bb740c76
SHA1 hash: f54c4a56e2f85db75c2241c62c3779bdc17a3432
MD5 hash: c5ba3e86125ae2856c4629a177d098ae
humanhash: ohio-jersey-vermont-alabama
File name: c5ba3e86125ae2856c4629a177d098ae.exe
File size: 2'688'673 bytes
First seen: 2022-02-08 18:49:45 UTC
Last seen: 2022-02-08 20:51:59 UTC
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 49152:h2P0vj2BZNmAowkap/KeEd0wPqimgP036mjAlpQnGZspog9Yr:bvjomH5wKeEdrnPS61lpQGdKA
TLSH: T19FC533CF86BCCA95EED8C439849A4A31629D184CB10138537AB752F28F7F7852785C9B
Reporter: abuse_ch
Tags: exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 140
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:

Behaviour
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
DNS request
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: overlay packed
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 56 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has nameless sections
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2022-02-08 18:50:25 UTC
File Type: PE (Exe)
AV detection: 11 of 27 (40.74%)
Threat level: 5/5
Verdict: malicious
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Drops file in Windows directory
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SHA256 hash: bf0121b091b89672446cb9b86261c3003b5c669534f0e9013301e6d3c427f9eb
MD5 hash: c23f5b2cfc94a1b5470e0c7b5526ca4b
SHA1 hash: 80810b8adf2d99e3e1e067dd06d3bd352494964e
SHA256 hash: c55e08d6e6c2e023b5a43da121e84f62ee770c3d1fe4b708189a80838c337946
MD5 hash: c5ba3e86125ae2856c4629a177d098ae
SHA1 hash: f54c4a56e2f85db75c2241c62c3779bdc17a3432

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Executable exe c55e08d6e6c2e023b5a43da121e84f62ee770c3d1fe4b708189a80838c337946 (this sample)

Delivery method: Distributed via web download
