MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 e0d665ce6c533babcda80694cb2537da54f807ae9ed5fa519b4522e672e240be. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 7
| SHA256 hash: | e0d665ce6c533babcda80694cb2537da54f807ae9ed5fa519b4522e672e240be |
|---|---|
| SHA3-384 hash: | 84b2303d6fc42930edafcb46be62049ff4ca8170a14c82bc223e9aa5175e448f4cc3f616c17d2dab3631521b261adddb |
| SHA1 hash: | dcb81124be9ec2e1ce78b1d7838d59dda6334fa4 |
| MD5 hash: | 9490e3167b7b328ce4ebbd3ed0830dcf |
| humanhash: | delta-white-uncle-lactose |
| File name: | SecuriteInfo.com.Trojan.Packed.24465.10372.5532 |
| Download: | download sample |
| File size: | 132'608 bytes |
| First seen: | 2021-04-12 10:57:17 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | b863a0170e8607b535791c6f08481ac9 (1 x AveMariaRAT) |
| ssdeep | 3072:V7EMQsVlaReZhphqrlT7MG9DqDseBguVdu4+rqv8kzY5Bed/rXz:mM+ReLQlpJqBBguF+rKLtdb |
| Threatray | 11 similar samples on MalwareBazaar |
| TLSH | 2FD3029EFD6A0A12FC45067489E7C4CC9EFBA9712D11302FEFB9A1AA10D0DD5E41913B |
| Reporter |  SecuriteInfoCom |
Intelligence
File Origin
# of uploads :
1
# of downloads :
97
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Trojan.Packed.24465.10372.5532
Verdict:
Malicious activity
Analysis date:
2021-04-12 11:01:25 UTC
Tags:
n/a
Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Result
Verdict:
Malware
Maliciousness:
Behaviour
Creating a file
Enabling the 'hidden' option for recently created files
Running batch commands
Creating a process from a recently created file
Sending a UDP request
Using the Windows Management Instrumentation requests
Sending a custom TCP request
Unauthorized injection to a recently created process
Unauthorized injection to a recently created process by context flags manipulation
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
64 / 100
Signature
Drops VBS files to the startup folder
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Jundrop
Status:
Malicious
First seen:
2021-03-27 09:33:05 UTC
AV detection:
34 of 48 (70.83%)
Threat level:
5/5
Verdict:
unknown
Similar samples:
+ 1 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
7/10
Tags:
n/a
Behaviour
Suspicious use of WriteProcessMemory
Drops startup file
Unpacked files
SH256 hash:
e0d665ce6c533babcda80694cb2537da54f807ae9ed5fa519b4522e672e240be
MD5 hash:
9490e3167b7b328ce4ebbd3ed0830dcf
SHA1 hash:
dcb81124be9ec2e1ce78b1d7838d59dda6334fa4
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
exe e0d665ce6c533babcda80694cb2537da54f807ae9ed5fa519b4522e672e240be
(this sample)
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [C0026.002] Data Micro-objective::XOR::Encode Data
2) [C0052] File System Micro-objective::Writes File
3) [C0018] Process Micro-objective::Terminate Process