MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f5acccf9cda0f0ff2063de3983bc8964b9020d30feff2e3a8b20800d3c4fe034. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	f5acccf9cda0f0ff2063de3983bc8964b9020d30feff2e3a8b20800d3c4fe034
SHA3-384 hash:	8cd746986a6b22235cbe8559f02ed330c90fb475f63ba9f8fd4049e7ba76b0247e4ead2a0615558f46fea4fc5f59421a
SHA1 hash:	0ccb73c9f9c2f3578c689ecadbde7105446fdcf0
MD5 hash:	6d167737690cc603a6aa7672c2672bf7
humanhash:	autumn-lamp-moon-maine
File name:	SecuriteInfo.com.BehavesLike.Win32.Generic.hc.27086
Download:	download sample
File size:	574'976 bytes
First seen:	2020-05-25 06:51:17 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	d5435c066a092bc8f4d10887960ace0a (1 x Gozi, 1 x RaccoonStealer)
ssdeep	12288:iNTGvQaPh4nhPvbHwEysON8GkuRRco5Mvh:iNTGXv5SVuRl5Q
Threatray	32 similar samples on MalwareBazaar
TLSH	A9C4F142B293D831C522C633AA49C7B42E5DB6208E7135CA2394EF7F29B61D39563F17
Reporter	SecuriteInfoCom

Intelligence

File Origin

# of uploads :

1

# of downloads :

64

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.BehavesLike.Win32.Generic.hc.27086.UNOFFICIAL

PUA.Win.Downloader.Aiis-6803892-0

Gathering data

Threat name:

Win32.Trojan.Kryptik

Status:

Malicious

First seen:

2020-05-25 04:12:03 UTC

File Type:

PE (Exe)

Extracted files:

58

AV detection:

24 of 31 (77.42%)

Threat level:

2/5

Verdict:

unknown

Similar samples:

01b44b9b3c3a6d3fc638b9a64e25ed866379539dddd9590290f71175352a9b23

5d31ded12c6a8943f96522d5353af0d3bbb9a5ee81cef07db1c14c7cc0f117c6

92f61cc6548277705585cc0c28d553093323d802a1d0d2e9fe618ebeaa6752fa

a06a77bd973a602f49aff3fa3a116c62d38f0e0c1842e9dca97531a68d1a3884

a356d92ade4d8d537ea6dfabe765d4cd2ff851faae1d4551b91e50b47aac216f

be3d1522f968ad7cc46a996a64b5e5be8044075f6bd1784046e46671bf416b45

c84d98524bf72eac034a406063c9d25b3bceb254d3d03f1d68e018320c2fb506

ca9cc4ff6c8597a999bf16b9f64f709b48add9b3ae2a2556cde2a80cdc75fa4e

d538dfafbdf6ac115c24dbdd68c65dbef6460808dd2c4f3fc01d5e15bfc2f902

fb55aa4029e826e42520861cc82a8db4a3568f1d2b5fe6f39d7bf870ec0005f9

+ 22 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-lbkte3cdg6/

Behaviour

Suspicious behavior: AddClipboardFormatListener

Suspicious use of WriteProcessMemory

Drops startup file

Loads dropped DLL

Executes dropped EXE

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe f5acccf9cda0f0ff2063de3983bc8964b9020d30feff2e3a8b20800d3c4fe034

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/367714/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample