MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4be8a038fc4b681a850d8ecaecc1f663d41bf27daf4f1af9c4cee1a3f63ae1a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f4be8a038fc4b681a850d8ecaecc1f663d41bf27daf4f1af9c4cee1a3f63ae1a
SHA3-384 hash: 78d9ae0ec4ad4f64a3cfc243de5005a4ffa1b39e2e412e71f954651b4a1dead85e5f59ad147a3a4d15d6d2c5b632701a
SHA1 hash: 2c1fe0b24421f96708a83baa134160df7fa1b038
MD5 hash: 5cbe538f98b32398b42edcdf102cc98e
humanhash: salami-sweet-mountain-social
File name:SecuriteInfo.com.Trojan.Siggen9.47262.23815.30640
Download: download sample
File size:3'980'800 bytes
First seen:2020-05-19 23:37:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5c0c69843f1f0de03c4ddb6a238982ea
ssdeep 98304:zASfLBYKTQuneqFWUm41sVomuS4htrL4X1CKss:zAStEuneq5aomuS4nrL4f
Threatray 93 similar samples on MalwareBazaar
TLSH 180633D2A6A784B1D23332B24074EE846E1BAF64DE7745432BF6021F8E54B451DF32AD
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.47262.23815.30640.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Antiav
Create hunting rule
Status:
Malicious
First seen:
2020-05-19 19:18:31 UTC
File Type:
PE (Exe)
Extracted files:
32
AV detection:
29 of 31 (93.55%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
39264a6f15e8a51bab03924312a3dd05fc58a8d2b4aac39ca00e4cf16c9a21a9
5851f851fd3f4818e16bcf8ac00b723f43d2efd4b2d1acd3c506a8d32f8de14b
788eb685943b452608a07a44d75be4c5806f1374461596a6ad7cce5569fcf77e
7ff8aa2e44c022e4876cc1ecbdb46aec2e790a36bcadcadeca059ad62593370d
86fce58f93e4087e261c52befbb872ddafeb8129008d5153c90084cd4a4a45d0
9f0c58f568c713eb2a7fc4836806a3e70bcdb41d05bfc75a1f815c64d856afde
b7db5b70b15ebac71e0aa8d7cb4e5f663171721b03157644cc2880a38337048a
c006abbb1bae333e5973f9c419bfd9c3c721698cf2cf3ffbd1048fdfb4de811b
cb1ffa5cd81d50702ee7296cd788a66fa8d5aa422e5cb4cdaca5a2ea4322141f
ed65d62376f71cd4ee0dfd8f1f9b43787de42dd85da310ab8b4e90abef7681a0
+ 83 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
discovery evasion persistence trojan
Link:
https://tria.ge/reports/201109-lhz2jbvtra/
Behaviour
Creates scheduled task(s)
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: LoadsDriver
Drops file in Windows directory
Modifies service
Adds Run key to start application
Checks installed software on the system
JavaScript code in executable
Loads dropped DLL
Windows security modification
Executes dropped EXE
Modifies Windows Firewall
Drops file in Drivers directory
Modifies boot configuration data using bcdedit
Windows security bypass
Suspicious use of NtCreateUserProcessOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe f4be8a038fc4b681a850d8ecaecc1f663d41bf27daf4f1af9c4cee1a3f63ae1a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365004/
  
Delivery method
Distributed via web download

Comments