MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d2dc9258298926747843158ea28506df874f0810ba986112715ddee022455c1f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: d2dc9258298926747843158ea28506df874f0810ba986112715ddee022455c1f
SHA3-384 hash: 66c8d4bd93585126d0a03a149f34f886429d83619c7668f63b671f91af88dad0e57ac2eefca942a4615a519359bac542
SHA1 hash: ba7266f5bcc7a0c4c7eb32dda3c44d34843e3455
MD5 hash: fd9587868ca0c77f454421698d364e30
humanhash: early-hot-maine-early
File name: SecuriteInfo.com.Trojan.Mint.Zamg.O.30833.27687
File size: 323'584 bytes
First seen: 2020-08-01 19:36:22 UTC
Last seen: 2020-08-02 07:33:44 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: da46740789185cf8e48d640cf013de55 (1 x SystemBC)
ssdeep: 3072:pWT3Rm+suj+FY+nuuso4d8bDoV6eAi7H3ypu+3Mc:pWrRm+7jqgvuRez6u+
Threatray: 1'263 similar samples on MalwareBazaar
TLSH: 7264281172A8E559E1EB2630CD72CBE44A717C96B874CDAB26B0FE5EEC34640493077B
Reporter: SecuriteInfoCom

Intelligence


File Origin
# of uploads: 2
# of downloads: 78
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Sending a UDP request
Transferring files using the Background Intelligent Transfer Service (BITS)
Enabling the 'hidden' option for files in the %temp% directory
Moving a file to the %temp% subdirectory
Creating a file in the system32 directory
Creating a file in the system32 subdirectories
Using the Windows Management Instrumentation requests
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 60 / 100
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Threat name: Win32.Ransomware.AvaddonCrypt
Status: Malicious
First seen: 2020-07-23 16:38:04 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Drops file in System32 directory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe d2dc9258298926747843158ea28506df874f0810ba986112715ddee022455c1f (this sample)

Delivery method: Distributed via web download

Comments