MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cffb56dddf9b596328082781400f1b5a1d7a995719c78dbdcbe41b026c86010b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 2

SHA256 hash: cffb56dddf9b596328082781400f1b5a1d7a995719c78dbdcbe41b026c86010b
SHA3-384 hash: c336d50bf237bb6b7959c483929457fb94a2600e3be81f6361d93ea1b0c2b8cb021f1feb11d949a0916093ff4279f9eb
SHA1 hash: 51a9b5977a9022ebcb1c10f2ff16eda2f764f4dd
MD5 hash: 2eb62fb669b5c02b41f80a4d1274e0aa
humanhash: september-mexico-five-summer
File name: vnhax.exe
File size: 1'204'016 bytes
First seen: 2020-06-21 16:51:38 UTC
Last seen: 2020-07-14 05:49:23 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'599 x Formbook, 12'241 x SnakeKeylogger)
ssdeep: 24576:/OtTZHrLwmk7TUCwC2YM+/NbxkvgT/II900hMJde3sa:/g4U3C2YM+/BxkvK500uJd6
Threatray: 15 similar samples on MalwareBazaar
TLSH: AD4522781F582F71EFA90A36D4E256674B3E95A24ACBD78F54C02ADD5C003F7E822847
Reporter: James_inthe_box
Tags: exe

Code Signing Certificate

Organisation: Vernante Calec
Issuer: Ascertia Public CA 1
Algorithm: sha256WithRSAEncryption
Valid from: Jun 1 16:17:54 2020 GMT
Valid to: Jul 1 16:17:54 2020 GMT
Serial number: 23CD126BF45E563631C5019FCB0FAF4DFD775260
Thumbprint algorithm: SHA256
Thumbprint: 3A535EC95C93824CA5345616290E1E5A4EF351B294406AAC9F248F719EEBE5E4
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 2
# of downloads: 82
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Injuke
Status: Malicious
First seen: 2020-06-06 07:36:56 UTC
File type: PE (.Net Exe)
Extracted files: 3
AV detection: 18 of 29 (62.07%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: evasion spyware trojan discovery
Behaviour:
Suspicious use of AdjustPrivilegeToken
Runs ping.exe
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetThreadContext
Modifies system certificate store
js
Looks up external IP address via web service
Checks for installed software on the system
Loads dropped DLL
Deletes itself
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other
