MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d027858db60106f36cdfebd87fce4f4882f79efdbc878b4793e47a02663560d4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d027858db60106f36cdfebd87fce4f4882f79efdbc878b4793e47a02663560d4
SHA3-384 hash: d33dbc9c031a1481934f584e627e54755af1a705bd28ed2cfa2ffae1b9261b1679ee38650a83420c5dcf37fff24772f7
SHA1 hash: a2fc4a16b440a8c08e463510e884a7cf9cefbb32
MD5 hash: e88afd14375444498bc7e4eeea334a6c
humanhash: rugby-early-triple-uranus
File name:SecuriteInfo.com.Win64.TrojanX-gen.1498.14141
Download: download sample
File size:3'584 bytes
First seen:2025-02-23 20:19:16 UTC
Last seen:2025-02-24 11:14:10 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e82dd51b077167be63c004bed23d0c1e (40 x NetWalker, 2 x GuLoader, 1 x ShikataGaNai)
ssdeep 48:6IZUBQYxZul2EywS6DUOVjk7QLzgzIzQz4zAzo157D9N9XM/geu3ahr0/x:2BQMZ7EywS6D/F++D9vXeg
TLSH T11B71A381605056F2D94CA3BF8487B8A5FD4EB248A2C80B0B0398981A2F7147BB1D9623
TrID 38.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
15.6% (.ICL) Windows Icons Library (generic) (2059/9)
15.4% (.EXE) OS/2 Executable (generic) (2029/13)
15.2% (.EXE) Generic Win/DOS Executable (2002/3)
15.2% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
39
Origin country :
US US
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Win64.TrojanX-gen.1498.14141.UNOFFICIAL
Create hunting rule

Verdict:
Clean
Score:
89.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67bb830528ab76d43a5cc891
Tags:
n/a
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Connection attempt
Sending a custom TCP request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
cobalt microsoft_visual_cc obfuscated packed
Link:
https://www.filescan.io/uploads/67bb82ff3afc3763bec2b0e3/reports/42e756de-494e-4944-9a9a-c6601c661249/overview
Verdict:
Malicious
Labled as:
Mikey.Generic
Link:
https://www.hybrid-analysis.com/sample/d027858db60106f36cdfebd87fce4f4882f79efdbc878b4793e47a02663560d4
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Knight
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/2d13feec-167f-457e-831d-5f961935066a
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1622382
Signature
Joe Sandbox ML detected suspicious sample
Multi AV Scanner detection for submitted file
Potentially malicious time measurement code found
Behaviour
Behavior Graph:
Download SVG
Score:
98%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/d027858db60106f36cdfebd87fce4f4882f79efdbc878b4793e47a02663560d4
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d027858db60106f36cdfebd87fce4f4882f79efdbc878b4793e47a02663560d4/
Threat name:
Win64.Trojan.Mikey
Create hunting rule
Status:
Malicious
First seen:
2025-02-16 23:18:28 UTC
File Type:
PE+ (Exe)
AV detection:
26 of 38 (68.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2atyldnwaedpg3g75pmh7tspjcbpphx5xsdywr4t4r5aezrvmdka._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250223-y4hqhswmem/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Verdict:
Malicious
Tags:
red_team_tool
YARA:
Cobalt_functions
Link:
https://app.threat.zone/submission/251e7deb-6d04-4d24-96db-356c63b52b89
Unpacked files
SH256 hash:
d027858db60106f36cdfebd87fce4f4882f79efdbc878b4793e47a02663560d4
MD5 hash:
e88afd14375444498bc7e4eeea334a6c
SHA1 hash:
a2fc4a16b440a8c08e463510e884a7cf9cefbb32
Link:
https://www.unpac.me/results/d65bb56d-4319-4fec-869a-f9cce084a472/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d027858db60106f36cdfebd87fce4f4882f79efdbc878b4793e47a02663560d4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe d027858db60106f36cdfebd87fce4f4882f79efdbc878b4793e47a02663560d4

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3450249/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (GUARD_CF)high

Comments