MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e10c07621cbf12d95bfcb870835c10bbda376fd9e17e49f5caca6b3a3d239bdb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e10c07621cbf12d95bfcb870835c10bbda376fd9e17e49f5caca6b3a3d239bdb
SHA3-384 hash: c1b3eb62fef27754529222fcc7d6bef5a7d4be838a025cd51e1ece8c76e7bd7547f65a52c00dc1f800f9ec68ebced82f
SHA1 hash: 5b2bfc673012d02f27299db6929a144fd2517f93
MD5 hash: c2337bf726d285b3e59ef7f26f388bca
humanhash: timing-bulldog-leopard-avocado
File name:WYhCe.exe
Download: download sample
File size:105'984 bytes
First seen:2020-07-07 13:12:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 66a367ccc5963e9848bc44cfb4270bf7 (2 x Smoke Loader)
ssdeep 384:tnQqN4n3DqonVMpJ6vs1IdqBjBgHS0jBK1vOmmF8FqPT344IlBMT:u3Tqo6svhcpBgHSqgvOPmY4/lBMT
Threatray 39 similar samples on MalwareBazaar
TLSH 19A3B435B990CCA5D479A23AECE3A65B33A11D14ED104A023151F7EE2D3B92C97791FC
Reporter James_inthe_box
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/22303/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Running batch commands
Launching a process
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Creating a window
Reading critical registry keys
Creating a file
Deleting a recently created file
Replacing files
Launching a service
Creating a process with a hidden window
Stealing user critical data
Unauthorized injection to a system process
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e10c07621cbf12d95bfcb870835c10bbda376fd9e17e49f5caca6b3a3d239bdb/
Threat name:
Win32.Trojan.Scrami
Create hunting rule
Status:
Malicious
First seen:
2020-07-04 06:20:00 UTC
File Type:
PE (Exe)
Extracted files:
11
AV detection:
29 of 48 (60.42%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
3b81d08379c1f899938518da9bcaccb302565f2f51cd754c201a8c57efe2f380
4245088e2600188006929bc88f455b57e849ef1748c0bda3e9bd3c4dd23ae017
77867995d1e8388230c9f71fee5e835b346bfcfef3fde418c6a773eea11b4afd
7c9eba57cb8262a908dc10929cf38b8e4e0af9f5a3f69bdf226b151761580e91
81c7545ad871b477660e586efb7ce289931d3bc089ba4c0c9f615ecb144f0a76
82686d76af9091e9988d8814900e65641e76d1cbedb261b9496a87708f7dd01f
c7ab7dce5d2ed6eceaa6047479f76981c101e436b16d91f857fd8a573859fe14
ce2644d2d9973ab0a3004942cef2d74d210882bea29d8b698c7af02d308b289e
e5d73714c09ee0fe864523ce30b3bd1a77190adedd278861df0a3ba22bea2d9f
e9e099041f67a2d9aa3088393503bb566166e65fdf97447e48fe26b5447e6f61
+ 29 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200707-sstvvpnwva/
Behaviour
Runs ping.exe
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Suspicious use of SetThreadContext
Checks for installed software on the system
Reads user/profile data of web browsers
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:PowerShell_Case_Anomaly
Create hunting rule
Author:Florian Roth
Description:Detects obfuscated PowerShell hacktools
Reference:https://twitter.com/danielhbohannon/status/905096106924761088

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/22303/

Comments