MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e9e099041f67a2d9aa3088393503bb566166e65fdf97447e48fe26b5447e6f61. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e9e099041f67a2d9aa3088393503bb566166e65fdf97447e48fe26b5447e6f61
SHA3-384 hash: ad950ad5d1aeff7e0a6ceb908435678954a31f328d54e675077d0250579304c01c1990ccd19eedc2bf26d99926e13b15
SHA1 hash: 440a2598ffa5d05c43401d2bc4cd891b2d8ba14c
MD5 hash: 161bed65887762d55290b8a298aef0f3
humanhash: nebraska-virginia-social-bakerloo
File name:file.exe
Download: download sample
File size:248'832 bytes
First seen:2020-07-07 15:11:57 UTC
Last seen:2020-07-07 16:02:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d1806f06cfd7d457d67a0e9018af83d7 (1 x TaurusStealer)
ssdeep 6144:CuXJRvqAXYB3b6GAdjqeYtn176z3ObAYM41sucTyuzhkx:3ZZ7XPdRk6z3OsosucTnVkx
Threatray 11 similar samples on MalwareBazaar
TLSH 72348D13B5814432F2210533B878EFE4456D6A340D268EE3F7DE592FAAE44D2D6217EB
Reporter James_inthe_box
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/22354/
Detection(s):
SecuriteInfo.com.Win32.Heri.14331.19587.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Reading Telegram data
Creating a file
Deleting a recently created file
Replacing files
Launching a service
Running batch commands
Creating a process with a hidden window
Launching a process
DNS request
Sending a custom TCP request
Creating a window
Reading critical registry keys
Stealing user critical data
Deleting of the original file
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e9e099041f67a2d9aa3088393503bb566166e65fdf97447e48fe26b5447e6f61/
Threat name:
Win32.Trojan.Zudochka
Create hunting rule
Status:
Malicious
First seen:
2020-07-07 15:11:40 UTC
File Type:
PE (Exe)
AV detection:
29 of 48 (60.42%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
074a27ca162b894fea8bd9446e45b40e5342a07024589f3ad28e873d7fd9d8c8
4245088e2600188006929bc88f455b57e849ef1748c0bda3e9bd3c4dd23ae017
4d02a7969e34cdedb37997496c951b9e37f40eb8228deef6e436a3781ce00966
77867995d1e8388230c9f71fee5e835b346bfcfef3fde418c6a773eea11b4afd
82686d76af9091e9988d8814900e65641e76d1cbedb261b9496a87708f7dd01f
a500f27709fb009950d25abae11f25c6e8e0205d15931530467ecfb342a661ad
b332db990c3d504ff0dd990bb23eca935e49588faecc2cc425cea865a8c547c6
ce2644d2d9973ab0a3004942cef2d74d210882bea29d8b698c7af02d308b289e
e10c07621cbf12d95bfcb870835c10bbda376fd9e17e49f5caca6b3a3d239bdb
e5d73714c09ee0fe864523ce30b3bd1a77190adedd278861df0a3ba22bea2d9f
+ 1 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware discovery
Link:
https://tria.ge/reports/200707-l3ww7ke8sa/
Behaviour
Suspicious use of WriteProcessMemory
Runs ping.exe
Suspicious use of WriteProcessMemory
Runs ping.exe
Checks for installed software on the system
Checks for installed software on the system
Deletes itself
Reads user/profile data of web browsers
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/22354/

Comments