MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ed4aef67444c1b22bd8ef038a1544fbcc65b602111020db1a5a2a88e1964e4f1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ed4aef67444c1b22bd8ef038a1544fbcc65b602111020db1a5a2a88e1964e4f1
SHA3-384 hash: a39911744cb017478e2a37f3fd61723746a488a4276fce383cc8c8107f824941ce8f10039355a99f2c8e05a97964e200
SHA1 hash: 110e0e016d21283c3236601988d1eb59f75c47c8
MD5 hash: 2f481d95cc06a5173fe4730b9c9db794
humanhash: california-yellow-kitten-floor
File name:ed4aef67444c1b22bd8ef038a1544fbcc65b602111020db1a5a2a88e1964e4f1
Download: download sample
File size:35'840 bytes
First seen:2020-07-06 07:29:59 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5b4e734e734027217722fe4eb0093f3d (6 x SakulaRAT)
ssdeep 768:9wbYGCv4nuEcJpQK4TQbtKvXwXgA9lJJea+yGCJQqeWnAEv26u7D7:9wbYP4nuEApQK4TQbtY2gA9DX+ytBOb
Threatray 47 similar samples on MalwareBazaar
TLSH 44F2E0E0B6B788C8C99C563701371A49A520C4AF051092E77BCCB72DE8D6F11FE715DA
Reporter JAMESWT_WT

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Sakula
Create hunting rule
Link:
https://www.capesandbox.com/analysis/21313/
Detection(s):
PUA.Win.Packer.Mpress-7
Create hunting rule

Win.Malware.Scar-6745903-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a process from a recently created file
Creating a process with a hidden window
DNS request
Sending an HTTP POST request
Running batch commands
Launching a process
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Deleting of the original file
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ed4aef67444c1b22bd8ef038a1544fbcc65b602111020db1a5a2a88e1964e4f1/
Threat name:
Win32.Trojan.Sakurel
Create hunting rule
Status:
Malicious
First seen:
2020-06-27 19:18:24 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
30 of 31 (96.77%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
sakularat
Create hunting rule
Similar samples:
00207fd3bf8a379ab27531ab47b13c775d2519f10df9c331d4d64e90bd5206b9
0a7a7d1ac7ad67365bb7dce90793263b5ca477a4e8bb95274928c90807d5129d
1e4c52155582f5eeb5c7a946c20c2030b3c90303f1b23eb2261a8b9a91a8594f
1f89b0759c021884b598c36f30779d2aba64800f3dec7fdd45e6263ec8d7be23
53497eda5fa82e772599ff5a303e488e19f85b12199c316514e6af6a79d88a46
88310a7eb0991c1088029656f81518ef578a45c786ca5b545bb355af0f36993d
a735f487179cdb2e5fb6a366750e12c774d485a6259cbdc8c0aa6f726b1992f7
f82e3cf3a8fedbb9e49f82a5c56464377d6e384662c6586db1c14cb9670fcc88
f9452431edaa0f16999474261e47d5215437d7075bc3895ce6dda4f19febee4d
fd7ee166a2ef80d3dc9668383540eade22f9cf7125a870bd0efb0f14b1239e31
+ 37 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/200706-tpw66661ke/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Runs ping.exe
Adds Run entry to start application
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/21313/

Comments