MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ed006d9a9e8d9577e332eaf3e1a7cc7ad183c08361e5968d4517600918806050. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 2

Intelligence 2 IOCs YARA 1 File information Comments

SHA256 hash:	ed006d9a9e8d9577e332eaf3e1a7cc7ad183c08361e5968d4517600918806050
SHA3-384 hash:	f00ad03e8ae3408032b6d22070be69aed2acb7cf3ecfdf59edf6d3ea731d26082483b936b0f60420eb883df4043ef8a5
SHA1 hash:	bd032c45a3d54c4510b066d9087e9c07f3562b1a
MD5 hash:	38f82919ee5e3832542fdc3252451d3c
humanhash:	venus-east-missouri-moon
File name:	ed006d9a9e8d9577e332eaf3e1a7cc7ad183c08361e5968d4517600918806050
Download:	download sample
File size:	766'490 bytes
First seen:	2020-03-23 18:55:59 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	baa93d47220682c04d92f7797d9224ce (139 x RiseProStealer, 26 x Xtrat, 18 x CoinMiner)
ssdeep	12288:aOAA9LOwAHIC1rnzUaZjozhwaYTVgfTGp2ucqVg3tGVCFrn3:G0iYgnzUaZjoFqINucjbh3
Threatray	13 similar samples on MalwareBazaar
TLSH	58F423461D000AA8CDEF987BFA5349269E70D53D8107DDEADCDA5B8B3C76384273A60D
Reporter	Marco_Ramilli
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.EXE.Obfus-4.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Banbra

Status:

Malicious

First seen:

2017-07-02 01:00:57 UTC

AV detection:

25 of 31 (80.65%)

Threat level:

2/5

Verdict:

suspicious

2d403f971f502d2423b11dcca6424edc460b6c290cb76107d7f36a37565791e8

389875d4c35ff8da276f122cb6b4ebd1b1d65ce5da5c05defefaf40c2609dbaf

450224b458d5d44cbaf62d95e18face27de776ed227ba0f7dc7e12bd07f64c9b

4d9b89978e6ca9cf14cb1f04859e01e66c1e0dbefedd1663617647535c0b3fa0

6005ff1373b7a3600ad4b5700b4d9b6c13827015a97fea1b030189655bd8e986

75692c6d88025cd8de4afa58076bd2dfe2b3adbf536c13513bf1f9b99811e143

a0e9692a6a0f50890c03829cfc80dd4ef47aaf4ade8c2fd35a62c09d290171d3

b9c037384eaa82706baf7c3cd5e1550fe9ad24083edeb00e55d9da8198ea6ee3

e9cced0b9ebefdba76a527b00dcb635a37ea0274f5b8038e9eec809bf2a500e0

+ 3 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	win_krbanker_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe ed006d9a9e8d9577e332eaf3e1a7cc7ad183c08361e5968d4517600918806050

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/96164/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high
CHECK_TRUST_INFO	Requires Elevated Execution (level:requireAdministrator)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample