MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 d4a7dfda0870ae0d4b5759a136c824630a8f583f5e6c0067ae63894b97e0c978. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 6
| SHA256 hash: | d4a7dfda0870ae0d4b5759a136c824630a8f583f5e6c0067ae63894b97e0c978 |
|---|---|
| SHA3-384 hash: | 34a80d835b133377387901b4b136f2cbad810639ff5d205ab4e16ea6c574635ebb8882c72ce9486c9cf2cf3825505510 |
| SHA1 hash: | 7258ccab329cf330c3772e633a5bc3042cf1f041 |
| MD5 hash: | 939163783dc2a49f67650d560d622e04 |
| humanhash: | pasta-high-quiet-sixteen |
| File name: | 939163783dc2a49f67650d560d622e04.exe |
| Download: | download sample |
| File size: | 522'468 bytes |
| First seen: | 2021-05-09 06:13:07 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 08a879d554c99744f28f371eb1c590a6 (2 x ArkeiStealer, 1 x RaccoonStealer) |
| ssdeep | 12288:8Uf6GgYdyR6XH5Gwrt4Cl5YRc6tqe9XTyct3DHJJ:8Uf65YdyU359rt4RRFgU3DHJJ |
| TLSH | 4DB4F11235C1C076C1B625B64498CAB14EAEB4652B625ACF3FC81EBD6F247D29B3530F |
| Reporter |  abuse_ch |
| Tags: | exe |
Intelligence
File Origin
# of uploads :
1
# of downloads :
133
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
d4a7dfda0870ae0d4b5759a136c824630a8f583f5e6c0067ae63894b97e0c978.exe
Verdict:
No threats detected
Analysis date:
2021-05-09 14:54:44 UTC
Tags:
n/a
Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Detection(s):
Result
Verdict:
Malware
Maliciousness:
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Tnega
Status:
Malicious
First seen:
2021-05-08 20:25:55 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
5/5
Unpacked files
SH256 hash:
d4a7dfda0870ae0d4b5759a136c824630a8f583f5e6c0067ae63894b97e0c978
MD5 hash:
939163783dc2a49f67650d560d622e04
SHA1 hash:
7258ccab329cf330c3772e633a5bc3042cf1f041
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
exe d4a7dfda0870ae0d4b5759a136c824630a8f583f5e6c0067ae63894b97e0c978
(this sample)
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [C0027.009] Cryptography Micro-objective::RC4::Encrypt Data
1) [C0021.004] Cryptography Micro-objective::RC4 PRGA::Generate Pseudo-random Sequence
2) [C0034.001] Operating System Micro-objective::Set Variable::Environment Variable
3) [C0041] Process Micro-objective::Set Thread Local Storage Value
4) [C0018] Process Micro-objective::Terminate Process