MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f245e9b94930c77f626bdc4d74f7d03f48557cb206175876da42033186da6410. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8



SHA256 hash: f245e9b94930c77f626bdc4d74f7d03f48557cb206175876da42033186da6410
SHA3-384 hash: e48062aa4688c84ecc15387ff9ed417a170719247ce2400aa959f0b34a94ef10edcb723f91ae1e4f6d5ab122a34988ce
SHA1 hash: 9374073cbfdda04402cc4c64937a7eecb802d622
MD5 hash: 34bd9b901914a3051989e95ce2a47ba3
humanhash: chicken-white-vermont-mango
File name: SecuriteInfo.com.Variant.Zusy.354598.7638.1727
Signature n/a
File size: 2'222'640 bytes
First seen: 2020-12-10 16:40:44 UTC
Last seen: 2020-12-10 17:33:03 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash 9c308f20a1a23bcb10775bb39e1f564a
ssdeep 49152:JhTZ36HKhx9s09H2BH71viJ5lnxFuOMnawjYosl1p:JhTZKqhfvH2BH7tiJ5lxFLyTjYZ1p
Threatray 21 similar samples on MalwareBazaar
TLSH 6CA5F6E431257A03D5E845719598F7EDB8900C41E71AFA3A69B3F80C223D6E0B8757FA
Reporter @SecuriteInfoCom

Intelligence


File Origin
# of uploads:
2
# of downloads:
125
Origin country:
US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
PGP_Desktop_for_Windows_10_1_keygen_by_KeygenNinja.exe
Verdict:
Malicious activity
Analysis date:
2020-12-10 12:39:35 UTC
Tags:
trojan rat azorult evasion loader stealer socelars pony fareit kpot adware cracknet

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Malware
Behaviour
Creating a file in the Windows subdirectories
Creating a file in the %AppData% directory
Deleting a recently created file
Reading critical registry keys
Replacing files
Creating a process from a recently created file
Creating a process with a hidden window
Creating a file in the %temp% directory
Running batch commands
Launching a process
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name:
Win32.Trojan.SelfDel
Status:
Malicious
First seen:
2020-12-09 23:30:06 UTC
AV detection:
24 of 28 (85.71%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware
Behaviour
Runs ping.exe
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Suspicious behavior: EnumeratesProcesses
Deletes itself
Reads user/profile data of web browsers
Executes dropped EXE
Unpacked files
SHA256 hash:
f245e9b94930c77f626bdc4d74f7d03f48557cb206175876da42033186da6410
MD5 hash:
34bd9b901914a3051989e95ce2a47ba3
SHA1 hash:
9374073cbfdda04402cc4c64937a7eecb802d622
SHA256 hash:
a48bdfb04893db26fad494ff4e9a88e49dd2ce5edcf191c9e536c8a56c44c54c
MD5 hash:
33f892e267241602492b20b6755a96a9
SHA1 hash:
62ccbcd582c73c86f9381ec733fa206daed76784

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: Executable exe f245e9b94930c77f626bdc4d74f7d03f48557cb206175876da42033186da6410 (this sample)

Delivery method: Distributed via web download
