MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc1455e3a479602581c1c7dc86a0e02605a3c14916b86817960397d5a2f41c31. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: cc1455e3a479602581c1c7dc86a0e02605a3c14916b86817960397d5a2f41c31
SHA3-384 hash: 69f45a4c5422a12bda19e7ada82d96d74b779d795990867069a04ad5d586b727fc50f5d196832402d8e108014da5113d
SHA1 hash: 2ab0501d9417017740c057c29b9faf0e22f28b40
MD5 hash: c25b127b623a24cd30b71e8978b1fa13
humanhash: winner-robin-zulu-paris
File name: cc1455e3a479602581c1c7dc86a0e02605a3c14916b86817960397d5a2f41c31.elf
File size: 53'656 bytes
First seen: 2020-11-17 17:30:26 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep 384:qPyLYFN26JSbsmrqbgVzVtwmgsQLrbTBUShbXJsr8ATyOgYGOe9TJ2y7ZxgUuiad:gfeT9jgY0gnih03KpZrn1ObdseH0xG
TLSH 5A33C72BB542C6BCC09AF2B45AEF80B0A863B4F49B21620F7744177B7450FA45F3B695
telfhash d6f0c042b93eab0501f748708df447e60187a14354711b15df10eac1483ea06e618e4d
Reporter Arkbird_SOLG
Tags: elf PWNLNX Winnti

Intelligence


File Origin
# of uploads: 1
# of downloads: 151
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Linux.Trojan.WinNti
Status: Malicious
First seen: 2020-11-16 21:44:21 UTC
AV detection: 14 of 29 (48.28%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments