MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f245e9b94930c77f626bdc4d74f7d03f48557cb206175876da42033186da6410. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f245e9b94930c77f626bdc4d74f7d03f48557cb206175876da42033186da6410
SHA3-384 hash: e48062aa4688c84ecc15387ff9ed417a170719247ce2400aa959f0b34a94ef10edcb723f91ae1e4f6d5ab122a34988ce
SHA1 hash: 9374073cbfdda04402cc4c64937a7eecb802d622
MD5 hash: 34bd9b901914a3051989e95ce2a47ba3
humanhash: chicken-white-vermont-mango
File name:SecuriteInfo.com.Variant.Zusy.354598.7638.1727
Download: download sample
File size:2'222'640 bytes
First seen:2020-12-10 16:40:44 UTC
Last seen:2020-12-10 17:33:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9c308f20a1a23bcb10775bb39e1f564a
ssdeep 49152:JhTZ36HKhx9s09H2BH71viJ5lnxFuOMnawjYosl1p:JhTZKqhfvH2BH7tiJ5lxFLyTjYZ1p
Threatray 21 similar samples on MalwareBazaar
TLSH 6CA5F6E431257A03D5E845719598F7EDB8900C41E71AFA3A69B3F80C223D6E0B8757FA
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
2
# of downloads :
134
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
PGP_Desktop_for_Windows_10_1_keygen_by_KeygenNinja.exe
Verdict:
Malicious activity
Analysis date:
2020-12-10 12:39:35 UTC
Tags:
trojan rat azorult evasion loader stealer socelars pony fareit kpot adware cracknet
Link:
https://app.any.run/tasks/bbbc763c-0132-47bf-a378-d401ec86c6e0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/107663/
Detection(s):
SecuriteInfo.com.Variant.Zusy.354598.7638.1727.UNOFFICIAL
Create hunting rule

PUA.Win.Trojan.Generic-6629273-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the Windows subdirectories
Creating a file in the %AppData% directory
Deleting a recently created file
Reading critical registry keys
Replacing files
Creating a process from a recently created file
Creating a process with a hidden window
Creating a file in the %temp% directory
Running batch commands
Launching a process
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f245e9b94930c77f626bdc4d74f7d03f48557cb206175876da42033186da6410/
Threat name:
Win32.Trojan.SelfDel
Create hunting rule
Status:
Malicious
First seen:
2020-12-09 23:30:06 UTC
AV detection:
24 of 28 (85.71%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0acebaf80946be0cb3099233e8807aa775c8304fc3dee48d42241ff68b7ab318
1d452b5f3e5d2b6623d0ca35793dfc051e1bf8b237e360906ed055e819235604
563ee97396c60bb7d587d98e95d68109cfe9b0a924860bee678e1e4da196bb64
7a79f0c95e891b939e275fa19e641b676f2eb70471945fb3b15d6a649cafe071
9ad452c41af7ed761449a51cca42b89827921f70f564331a4eed7a191c37c325
b833d79953fe177a48a5832ce2606c41d00f0d5b9bd31ceb25d3055a3850c2f7
b841402ba599fba5dc3b4775aa53e26445a49c4d7df1fa8e64d26c4cc16c5083
d8dbe0a74ff4d70f5633f8177f37c14cd1586d7a658ecf72d05f59261e8ad016
e0a34b9c420ddd930b3f89c13c3f564907dd948e88f668a0fe55ce506220bd73
e36fbebbd9a00db5c31da4e517edd42fc34b3ddd3a36c17060e1a28e6108b834
+ 11 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware
Link:
https://tria.ge/reports/201210-t126qexfge/
Behaviour
Runs ping.exe
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Suspicious behavior: EnumeratesProcesses
Deletes itself
Reads user/profile data of web browsers
Executes dropped EXE
Unpacked files
SH256 hash:
f245e9b94930c77f626bdc4d74f7d03f48557cb206175876da42033186da6410
MD5 hash:
34bd9b901914a3051989e95ce2a47ba3
SHA1 hash:
9374073cbfdda04402cc4c64937a7eecb802d622
Link:
https://www.unpac.me/results/01057ef9-c014-4ec2-9c17-ed424b0ae868/
SH256 hash:
a48bdfb04893db26fad494ff4e9a88e49dd2ce5edcf191c9e536c8a56c44c54c
MD5 hash:
33f892e267241602492b20b6755a96a9
SHA1 hash:
62ccbcd582c73c86f9381ec733fa206daed76784
Link:
https://www.unpac.me/results/01057ef9-c014-4ec2-9c17-ed424b0ae868/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Tinba
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f245e9b94930c77f626bdc4d74f7d03f48557cb206175876da42033186da6410

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe f245e9b94930c77f626bdc4d74f7d03f48557cb206175876da42033186da6410

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/904816/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/107663/

Comments