MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e3b2ff8c1d0d00c708a0217e985a20a45789e92e99a7a9b0699cc232196a8687. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e3b2ff8c1d0d00c708a0217e985a20a45789e92e99a7a9b0699cc232196a8687
SHA3-384 hash: d457510944b92acb73a0312fbe6d4c0d50c2899a10730792893d9e459835cf1a27337ffdc1e5379d8d69af217b0e462a
SHA1 hash: d32d8925e37bdef71867c1eff162a2b1b3a8325a
MD5 hash: a1ecfb801dba523241a96343d82ee9ff
humanhash: william-pluto-emma-lemon
File name:a1ecfb801dba523241a96343d82ee9ff
Download: download sample
File size:73'728 bytes
First seen:2020-11-17 12:03:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 39041a41cfd9a478e2830bce7808a5e5
ssdeep 768:jWnw1owYOWJOaogZd6aXfLCYRew5NdYD9Oty/N/X+YVhP5itZfP6v+Xy6e:qnw1owctfDkwdYBEmNfP8Sv+Te
Threatray 5'452 similar samples on MalwareBazaar
TLSH 0D73763EB6967456E386A47AB9A783C156273DCC6E47C1D2520A772E4C31ED8073EB03
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
55
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Html.Trojan.VBChinky-3
Create hunting rule

PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file
Delayed writing of the file
Enabling the 'hidden' option for recently created files
Creating a process from a recently created file
DNS request
Connection attempt
Unauthorized injection to a browser process
Unauthorized injection to a recently created process
Creating a file in the mass storage device
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling threat expansion on mass storage devices by creating the autorun.inf autorun file
Enabling threat expansion on mass storage devices by creating a special LNK file
Enabling a "Do not show hidden files" option
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e3b2ff8c1d0d00c708a0217e985a20a45789e92e99a7a9b0699cc232196a8687/
Threat name:
Win32.Trojan.Chinky
Create hunting rule
Status:
Malicious
First seen:
2020-11-08 13:42:00 UTC
AV detection:
28 of 29 (96.55%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0a2c2bdab9f7ae76394afc7d00744302299e1939121ca27f026c810f273d9ed0
0f865ea5da07ebc805df7ea205e25e14271b0a475b278846c33f3733c4723a7e
89a0a6c2f66912d41d6ee18f974d100937e0d7c76588698132e29408710b4231
8ae9a72b45764de26190fe3367f958027e1e0d67a87637ab733fe743a6434667
97291d050f42723384c4b3cd3cce46fb001411d93568ccf574cca1d22e14fcc8
acd781dfe44f61dafb6b3fc6f648c4833b96872caca16e7d746c914987979dd5
b9a9ec05af5b7ca80af675e1c9a6d1582775d1949d35b475111a8a8b32ac4a2a
d79b2421672e269c39ae41a6504e0d28f9b76e3f57d8c1c4c502ad0b9387a39e
ea8a5f241926eb0af59ee79ce2c80bbc87efb30bf160efe2fad7db5520115504
ebbbd733c438f0d526502859f6baaae6e7864426fe7946a4881c47ce306eef69
+ 5'442 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
evasion persistence
Link:
https://tria.ge/reports/201117-1lxzpj9vx6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Adds Run key to start application
Loads dropped DLL
Executes dropped EXE
Modifies visiblity of hidden/system files in Explorer
Unpacked files
SH256 hash:
e3b2ff8c1d0d00c708a0217e985a20a45789e92e99a7a9b0699cc232196a8687
MD5 hash:
a1ecfb801dba523241a96343d82ee9ff
SHA1 hash:
d32d8925e37bdef71867c1eff162a2b1b3a8325a
Link:
https://www.unpac.me/results/f128a5cf-d592-4f6f-b1d9-63690c2ca7f6/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments