MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f5cd226f5a80952c21b7f5be3ea27139f00d4e7f3f21dd2bda213fab4a66fd98. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f5cd226f5a80952c21b7f5be3ea27139f00d4e7f3f21dd2bda213fab4a66fd98
SHA3-384 hash: ebb6e54af412ce054227c26de7ce9b9d569e6c251a57afe583a5f83dc439984be00e966cf76f96fde7a43ec926f837c4
SHA1 hash: d85030e0aaaa2fe5c7474a168105e32f8267a184
MD5 hash: a093c8ca4840964f7df7c63759ffb522
humanhash: black-arkansas-ceiling-chicken
File name:f5cd226f5a80952c21b7f5be3ea27139f00d4e7f3f21dd2bda213fab4a66fd98
Download: download sample
File size:393'826 bytes
First seen:2020-11-07 20:02:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 02eaa4851334f6695809b3d0a008cf6b
ssdeep 6144:XUZym0RsrJ3n0dK2NP0RHx8D98WTBPW8fF8oABm1nKZ:5hqwKhHSDeWTRW8fdebZ
Threatray 2 similar samples on MalwareBazaar
TLSH 2384AF11FB86C1B2DD9601324DAAA35CC4BDA5614F318BD3E3DC6F1E5E601D2A932BC6
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
55
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

Win.Trojan.Ipamor-2
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the Windows directory
Creating a process from a recently created file
Creating a process with a hidden window
Sending a UDP request
Modifying an executable file
Launching a process
Deleting a recently created file
Creating a window
Replacing files
Creating a file in the %AppData% subdirectories
DNS request
Sending a custom TCP request
Changing an executable file
Delayed reading of the file
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f5cd226f5a80952c21b7f5be3ea27139f00d4e7f3f21dd2bda213fab4a66fd98/
Gathering data
Verdict:
unknown
Similar samples:
1366f4d5c0588219b4370436f78445184acc1564804f430d9e65c08d10b14340
eb492e7ed795dad887f187c81dd2ab8f8b8d9d08a8b179e9bfd442dff436eaeb
Result
Malware family:
n/a
Score:
  8/10
Tags:
aspackv2 persistence
Link:
https://tria.ge/reports/201108-f1z1ygq6yx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Adds Run key to start application
Loads dropped DLL
ASPack v2.12-2.42
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments