MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc6297f7df4aca6dceda00c9812e06d20a3967924d4260df6909c1a86e36b415. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: cc6297f7df4aca6dceda00c9812e06d20a3967924d4260df6909c1a86e36b415
SHA3-384 hash: 61962d09c0ea95419ec28e516c4deaa950a00d02798d1762c20b5cf09ca53fb7a48d76bc7c28cf189c0cc245d4a0a9f1
SHA1 hash: 99eaac32d5b736d60b24f0a6d11e7c9ed7471925
MD5 hash: f6105f0206512388b1db423fbc7d969e
humanhash: yankee-oranges-lamp-virginia
File name: 4b79c96a04f36219f3ca3ae4d8b9e417
File size: 1'155'072 bytes
First seen: 2020-11-17 12:33:10 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 03795b2014b56fa16b8afb9f49125cb0 (1 x Poison)
ssdeep: 24576:bhCmp6NGN7B1CbPLGhTmnixy+QBabyYOOdjsEfVOELr7/:bGU7cLGhOiZQB6tdjjNOQr
Threatray: 60 similar samples on MalwareBazaar
TLSH: 5235AE12B592C0F6D678187118BA2B3AAA7596450A35EFC7E39CCE6C1C33251EF3721D
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 54
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
DNS request
Creating a file in the Windows directory
Sending an HTTP GET request
Launching a process
Creating a window
Connection attempt
Threat name: Win32.Trojan.BlackMoon
Status: Malicious
First seen: 2020-11-17 12:37:42 UTC
AV detection: 25 of 29 (86.21%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Drops file in Windows directory
Drops file in System32 directory
Loads dropped DLL
UPX packed file
Unpacked files
SHA256 hash: cc6297f7df4aca6dceda00c9812e06d20a3967924d4260df6909c1a86e36b415
MD5 hash: f6105f0206512388b1db423fbc7d969e
SHA1 hash: 99eaac32d5b736d60b24f0a6d11e7c9ed7471925

SHA256 hash: 8c60c7fae98390f6c5a42e71c144ce21b6e2d3a82928d42858241eeeb2af370d
MD5 hash: 7285ce533a9de0997d9eda112d4958eb
SHA1 hash: 3f7cc7a0c83c249fff3914a157f3bc4aaca317cc

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other
