MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ebd0a53672107762483efcef26bcca3f35bc148136c2424083aae6273165868c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 2



SHA256 hash: ebd0a53672107762483efcef26bcca3f35bc148136c2424083aae6273165868c
SHA3-384 hash: 268c56430fe67115f2bad54bbe090f93b7393c7cfbe20a678b85898be98509b873208217e27ea40148aaddbcb56820e6
SHA1 hash: d6c3df6f155ee07862dfdc1b46e7b9b80c776889
MD5 hash: d0c24ac9a3f5df3b7dae53ca8daa13bc
humanhash: three-artist-vegan-queen
File name: SecuriteInfo.com.Trojan.GenericKD.33570011.3356.22167
File size: 224,256 bytes
First seen: 2020-03-28 11:00:36 UTC
Last seen: 2020-05-06 17:16:03 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 162a058fe68e5ba72d57835b9be02312
ssdeep: 3072:dUWX9dco2J051nzHldUwSa1EbU2c1TOJcMUMHhmor4nv/Ov+:dUCb2JU1jldU+EbUrMUMHhm5Ov
Threatray: 9 similar samples on MalwareBazaar
TLSH: 2B24D63772925879C517527481E6D7F3A572BC101310EA1E3AE5FF333E708B29A6A8D8
Reporter: SecuriteInfoCom

Intelligence

File Origin
# of uploads: 3
# of downloads: 75
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Kapers
Status: Malicious
First seen: 2020-03-26 19:38:00 UTC
File Type: PE+ (Exe)
Extracted files: 2
AV detection: 23 of 31 (74.19%)
Threat level: 2/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Executable exe ebd0a53672107762483efcef26bcca3f35bc148136c2424083aae6273165868c (this sample)
Delivery method: Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID                  Title                                                      Severity
CHECK_AUTHENTICODE  Missing Authenticode                                       high
CHECK_NX            Missing Non-Executable Memory Protection                   critical
CHECK_PIE           Missing Position-Independent Executable (PIE) Protection   high

Reviews

ID                  Capabilities                        Evidence
URL_MONIKERS_API    Can Download & Execute components   urlmon.dll::URLDownloadToFileA
                                                        urlmon.dll::UrlMkSetSessionOption
WIN32_PROCESS_API   Can Create Process and Threads      KERNEL32.dll::CreateRemoteThread
                                                        KERNEL32.dll::CreateProcessA
                                                        KERNEL32.dll::OpenProcess
                                                        KERNEL32.dll::VirtualAllocEx
                                                        KERNEL32.dll::WriteProcessMemory
                                                        KERNEL32.dll::CloseHandle
WIN_BASE_API        Uses Win Base API                   KERNEL32.dll::TerminateProcess
                                                        KERNEL32.dll::GetStartupInfoA
WIN_BASE_IO_API     Can Create Files                    KERNEL32.dll::DeleteFileA
WIN_REG_API         Can Manipulate Windows Registry     ADVAPI32.dll::RegOpenKeyExA
                                                        ADVAPI32.dll::RegQueryValueExA