MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d33a9b8def5c0bc379362bf5924cd9697d2b219bcc412399814b160f9627c3c3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	d33a9b8def5c0bc379362bf5924cd9697d2b219bcc412399814b160f9627c3c3
SHA3-384 hash:	4ea83ce5565e56e0fa91d7627c31d657cd0d74f5d1d6fea1e4f1d259c8df25e6382b89bc2c06656db3fbc3852d4054ab
SHA1 hash:	88fe1c6a27465982c0afb3f8d67af7a689ab6b38
MD5 hash:	5a84b7e9b987e61f3543d65938afdb86
humanhash:	mars-zulu-tennessee-illinois
File name:	SecuriteInfo.com.Generic.mg.5a84b7e9b987e61f.13776
Download:	download sample
File size:	17'790'641 bytes
First seen:	2020-05-20 17:45:45 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	ae9f6a32bb8b03dce37903edbc855ba1 (28 x CryptOne, 18 x RedLineStealer, 15 x njrat)
ssdeep	393216:Kti4xCEUG0z72+EpCkub5DgsJjpVZ6Vmyujs1h+gazi4xdPJUkQz5H:ektGe2+Ec70sJ1f6UyAga+4xA75H
Threatray	275 similar samples on MalwareBazaar
TLSH	BA073393B3A29112D53A1D7024F4D3A20DFC7CD26B604A7E77A8711C5FF5A812EA6B07
Reporter	SecuriteInfoCom

Intelligence

File Origin

# of uploads :

1

# of downloads :

82

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Generic.mg.5a84b7e9b987e61f.13776.UNOFFICIAL

SecuriteInfo.com.Generic.mg.7118444d587a1d65.31770.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Rms

Status:

Malicious

First seen:

2020-05-20 16:08:41 UTC

File Type:

PE (Exe)

Extracted files:

90

AV detection:

15 of 31 (48.39%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

118dd258630c48b0beacd8b4c04c9c9cd3b9f698b660b6a904b1dfc033e00cd1

2d725c799e8787ef98e26cb025144cbe405aef31bc4ddd2011c80c09efa87400

5e4cb5b794577345c50a2012ee0ece2301012527d17646d984a253781bcd39c9

689290a8b842a0fd09f5ce00654d64d70d0be3e19e2ca60d5dd3d199d3e09054

9f452d7d0048825bc6a35952dd645d68e6b5788858481998c660b8b31d1e1b63

b833d79953fe177a48a5832ce2606c41d00f0d5b9bd31ceb25d3055a3850c2f7

e38724644ed4643ebcdea6b0ae8345bf094d9f6e6d81b0acb244f96a3129077e

ed34d4eba0bc7d434f32bb9bca0147632592656ddf0c2aa892fbee54b0850ff1

f40b9e6f7cfed63bba3b6eae6b0403ab26906caa77830027ed39a05918c4b877

fcbdafcedb7e9d18b0c8b640e375975320e6f74fd4170fea17b2ca210215d855

+ 265 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

4/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-2h87bbbptj/

Behaviour

Modifies Internet Explorer settings

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Checks processor information in registry

Enumerates system info in registry

Modifies registry class

Office loads VBA resources, possible macro or embedded object present

Drops file in Windows directory

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe d33a9b8def5c0bc379362bf5924cd9697d2b219bcc412399814b160f9627c3c3

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/365383/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample