MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d2dc9258298926747843158ea28506df874f0810ba986112715ddee022455c1f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: d2dc9258298926747843158ea28506df874f0810ba986112715ddee022455c1f
SHA3-384 hash: 66c8d4bd93585126d0a03a149f34f886429d83619c7668f63b671f91af88dad0e57ac2eefca942a4615a519359bac542
SHA1 hash: ba7266f5bcc7a0c4c7eb32dda3c44d34843e3455
MD5 hash: fd9587868ca0c77f454421698d364e30
humanhash: early-hot-maine-early
File name: SecuriteInfo.com.Trojan.Mint.Zamg.O.30833.27687
Signature: n/a
File size: 323'584 bytes
First seen: 2020-08-01 19:36:22 UTC
Last seen: 2020-08-02 07:33:44 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: da46740789185cf8e48d640cf013de55
ssdeep: 3072:pWT3Rm+suj+FY+nuuso4d8bDoV6eAi7H3ypu+3Mc:pWrRm+7jqgvuRez6u+
TLSH: 7264281172A8E559E1EB2630CD72CBE44A717C96B874CDAB26B0FE5EEC34640493077B
Reporter: @SecuriteInfoCom

Intelligence


File Origin
# of uploads: 2
# of downloads: 34
Origin country: US US
Mail intelligence: No data
Vendor Threat Intelligence
Result
Verdict: Malware
Behaviour
Creating a file in the %temp% subdirectories
Sending a UDP request
Transferring files using the Background Intelligent Transfer Service (BITS)
Enabling the 'hidden' option for files in the %temp% directory
Moving a file to the %temp% subdirectory
Creating a file in the system32 directory
Creating a file in the system32 subdirectories
Using the Windows Management Instrumentation requests
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 60 / 100
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Threat name: Win32.Backdoor.Quakbot
Status: Malicious
First seen: 2020-07-23 16:38:04 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Drops file in System32 directory

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe d2dc9258298926747843158ea28506df874f0810ba986112715ddee022455c1f (this sample)

Delivery method: Distributed via web download
