MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ddb2fe21a642e366de6e54f5a371484961d513499a4a637e49f07f321df3da6f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ddb2fe21a642e366de6e54f5a371484961d513499a4a637e49f07f321df3da6f
SHA3-384 hash: 9791a81de4ab4cbba862abea325101bc24acc64981c18f03ff2e750f42f98a7604bac44f6a1796df360d193b84ecc003
SHA1 hash: 0e1f8d75dd3f90ed9e913c3df663987820a6f479
MD5 hash: 46aee0b49da89b9b03a05f299719b272
humanhash: speaker-seven-cat-pip
File name:SecuriteInfo.com.Trojan.GenericKD.34226926.14648.6749
Download: download sample
File size:103'424 bytes
First seen:2020-07-29 14:26:23 UTC
Last seen:2020-08-02 07:33:13 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 63f7aa5f711dbcf74608dfc77a7e9b38
ssdeep 1536:ZQbTtkz9N6F2nmVsgDnN+CSPI3z+1Tbo6RqzosWXd09dlcr6xl+:KbT6r6YmV3rPyI3z+Zo6nMWrql
Threatray 16 similar samples on MalwareBazaar
TLSH B8A35B6B72E534FCE5338279C9A05909D3B2B87106728FAF43A046561F276D19E3EF60
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
3
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/34974/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.34226926.14648.6749.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/402720
Signature
Contains functionality to check for running processes (XOR)
Contains functionality to inject threads in other processes
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ddb2fe21a642e366de6e54f5a371484961d513499a4a637e49f07f321df3da6f/
Threat name:
Win64.Trojan.CryptInject
Create hunting rule
Status:
Malicious
First seen:
2020-07-23 02:29:52 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
01c6b2a06466f980c13e384814d8fabb76d50ee93b53bcdfc0b27d6a5d9b90f4
210560d23e3c023c90bd24ed0d76c68732dc267277fc6adcc3c991cb611bb06a
46c79161fd1c1762286f0faeb76f8b885225466281e3ccea8cd81d3403e3b0d3
6a77cecfbb060c07f1de1d91ff4ce7e194b7188e21aea98a261b4a6518aa9af4
79b5482b4c782cf8336701470de400c788089677dea8464daf218c4fb876eacb
980fb51b13fc0116ca06b8e5d8116569942b53eb4ae54c33b62e731f149cb136
b0d360976e94a2c0da9eb583141897bf4bc865871df3504748f1a9d2868b8144
b52a0c3633e8b6f99df84102aa766de955aeb1a8c42c6efa6f06b3d7d155ab8b
ce1cba4461c9e999067572915bc3f2d6ff9c114b4e643a65b61b44e71084d30a
e0ab92dc90ec04322ed7af1ba02f1b3b3ba0f662183edc41efc1896117634dba
+ 6 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200729-slzrq77kgx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Exploit
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ddb2fe21a642e366de6e54f5a371484961d513499a4a637e49f07f321df3da6f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe ddb2fe21a642e366de6e54f5a371484961d513499a4a637e49f07f321df3da6f

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/34974/
  
URLhaus
https://urlhaus.abuse.ch/url/421364/
  
Delivery method
Distributed via web download

Comments