MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f5e4f8cf4a6691806c1fa4f0718cae9d5ff5ad41088b57a4cbcdabed09dcba2e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: f5e4f8cf4a6691806c1fa4f0718cae9d5ff5ad41088b57a4cbcdabed09dcba2e
SHA3-384 hash: feaee72d94e5f55df4e9223a6e16d9241bc6dbb7d60db09ae322fbfe56f1ce9642777fe1f05b3d80c3f750d7fb45c2e2
SHA1 hash: 690510874ed0bece808fab7c77c4376c10ba14bc
MD5 hash: 551e88cd6543eb02745b93b938d1a432
humanhash: bulldog-utah-early-alabama
File name: RS__.bin
File size: 160'256 bytes
First seen: 2020-07-06 09:57:17 UTC
Last seen: 2020-07-06 10:50:39 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 2c5f2513605e48f2d8ea5440a870cb9e (60 x Babadeda, 6 x AveMariaRAT, 5 x CoinMiner)
ssdeep: 1536:o7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfiwWfT83whOp:m7DhdC6kzWypvaQ0FxyNTBfi5Ng
Threatray: 18 similar samples on MalwareBazaar
TLSH: 77F35C42B2D141B6D9E1063134A6727A87376E249B20E9DFD78C3AC2DF325F075392E9
Reporter: JAMESWT_WT

Intelligence


File Origin
# of uploads: 2
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Suspicious
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Running batch commands
Launching the process to interact with network services
Launching a process
Creating a file
Creating a window
Threat name: Win32.Trojan.Starter
Status: Malicious
First seen: 2020-06-15 14:14:00 UTC
File Type: PE (Exe)
Extracted files: 4
AV detection: 24 of 31 (77.42%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Runs net.exe
Views/modifies file attributes
Drops file in Drivers directory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
