MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d20959b615af699d8fff3f0087faade16ed4919355a458a32f5ae61badb5b0ca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 9



SHA256 hash: d20959b615af699d8fff3f0087faade16ed4919355a458a32f5ae61badb5b0ca
SHA3-384 hash: 4e8592e2a8d13b724a01765fa7f4d9fde8ee7d1267d521e4983cc1737066a0c699bafe227762938b8f4c28cf9c9396a3
SHA1 hash: 871b08e580e99507501368c967b736e5c1cd38c0
MD5 hash: c7c8019f4b5314cd2543ab2ac65d3ea4
humanhash: lion-low-potato-vegan
File name: d20959b615af699d8fff3f0087faade16ed4919355a458a32f5ae61badb5b0ca
File size: 52'736 bytes
First seen: 2022-09-08 07:09:31 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ac3f628d04ce62edc0f49268efa422bd
ssdeep: 768:bZ8IGo3lsHQ8a2/xrgFPj3uo60hkmzIBtryEDgXnrmZgba:ndGHW2Ng1j3u0PIBhmn
Threatray: 6 similar samples on MalwareBazaar
TLSH: T13D33391673A1C432E06225345979C2B21B7F783246B5C79BBB9407BD0FB07C0AE7976A
TrID:
48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter: JAMESWT_WT
Tags: apt38 exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 343
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: MPCmdRun.exe
Verdict: No threats detected
Analysis date: 2020-12-23 05:27:55 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:

Behaviour
Searching for the window
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
MalwareBazaar
SystemUptime
MeasuringTime
EvasionGetTickCount
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware greyware
Malware family: Generic Malware
Verdict: Malicious
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 56 / 100
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Threat name: Win32.Trojan.Fragtor
Status: Malicious
First seen: 2020-07-22 17:58:25 UTC
File Type: PE (Exe)
Extracted files: 1
AV detection: 26 of 41 (63.41%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Unpacked files
SHA256 hash: d20959b615af699d8fff3f0087faade16ed4919355a458a32f5ae61badb5b0ca
MD5 hash: c7c8019f4b5314cd2543ab2ac65d3ea4
SHA1 hash: 871b08e580e99507501368c967b736e5c1cd38c0
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
