MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f5f8ba796aab82ddf835d0e16e2d9e8bfe9c0203257e12cecf98e6d7586b08fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TinyNuke


Vendor detections: 13


Intelligence 13 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f5f8ba796aab82ddf835d0e16e2d9e8bfe9c0203257e12cecf98e6d7586b08fe
SHA3-384 hash: 416d4ca703bf57ccf8fb2a44691fb1333df16c975b2d386e62fea48597310be3011dca87d9845b796869cfb85ee1568e
SHA1 hash: df3fe6d291751de3e8bebdb33d2cd65a3c152d41
MD5 hash: 9678f52192040cca6b81b322c93685d8
humanhash: friend-oxygen-two-oklahoma
File name:tinynuke.exe
Download: download sample
Signature TinyNuke
Create hunting rule
File size:5'762'117 bytes
First seen:2021-12-15 16:04:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 2fb819a19fe4dee5c03e8c6a79342f79 (56 x Adware.InstallCore, 8 x RedLineStealer, 7 x Adware.ExtenBro)
ssdeep 98304:X5IXgbI5Zdy3Bvoy0fO++L4rufACHPbD9BZPLfaCfGDd3bIhrdCzjZysWq4qg4ea:g0VoymO+prB83ZPGCuDdEhrYPTW9qI6T
Threatray 9'305 similar samples on MalwareBazaar
TLSH T1384633B71AA24572E6C5EE7DFDD3A45C213FA26D3D2463F13265C11CDC13F8AA2A0129
File icon (PE):PE icon
dhash icon b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer)
Reporter 0x746f6d6669
Tags:exe TinyNuke

Intelligence

File Origin
# of uploads :
1
# of downloads :
740
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
tinynuke.exe
Verdict:
Malicious activity
Analysis date:
2021-12-15 16:05:39 UTC
Tags:
installer
Link:
https://app.any.run/tasks/731403be-09d3-4cee-aad2-094135ca7dd3

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/214365/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Searching for synchronization primitives
Moving a file to the %temp% subdirectory
Searching for the window
Creating a file in the %AppData% subdirectories
Creating a file
Changing a file
Sending a custom TCP request
Moving a file to the %AppData% subdirectory
DNS request
Delayed writing of the file
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Changing settings of the browser security zones
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/2133/overview
Behaviour
MalwareBazaar
CheckCmdLine
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware overlay packed tinynuke
Link:
https://www.filescan.io/uploads/61ba1233dbe06b75d7beb555/reports/2c12fe58-69bd-4e76-86a2-29f95d2d4838/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Varenyky
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4b13c51d-34aa-4284-87b1-a92ed73ee0ce
Result
Threat name:
Tinynuke / Nukebot
Create hunting rule
Detection:
malicious
Classification:
phis.troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/907993
Signature
Antivirus detection for dropped file
Detected Tinynuke / Nukebot malware
Found Tor onion address
Installs TOR (Internet Anonymizer)
May use the Tor software to hide its network traffic
Modifies Internet Explorer zone settings
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Obfuscated command line found
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected TinyNuke
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 540471 Sample: tinynuke.exe Startdate: 15/12/2021 Architecture: WINDOWS Score: 100 56 Antivirus detection for dropped file 2->56 58 Multi AV Scanner detection for dropped file 2->58 60 Multi AV Scanner detection for submitted file 2->60 62 4 other signatures 2->62 9 tinynuke.exe 2 2->9         started        process3 file4 36 C:\Users\user\AppData\Local\...\tinynuke.tmp, PE32 9->36 dropped 68 Obfuscated command line found 9->68 13 tinynuke.tmp 5 71 9->13         started        signatures5 process6 file7 38 C:\Users\user\AppData\Local\...\is-ECBGM.tmp, PE32 13->38 dropped 40 C:\Users\user\AppData\...\firefox.exe (copy), PE32 13->40 dropped 42 C:\Users\user\...\8979876876.dll (copy), PE32 13->42 dropped 44 115 other files (none is malicious) 13->44 dropped 16 firefox.exe 1 68 13->16         started        process8 file9 28 C:\Users\user\AppData\Roaming\...\tor.exe, PE32 16->28 dropped 30 C:\Users\user\AppData\Roaming\...\firefox.exe, PE32 16->30 dropped 32 C:\Users\user\AppData\Roaming\...\zlib1.dll, PE32 16->32 dropped 34 57 other files (none is malicious) 16->34 dropped 54 Installs TOR (Internet Anonymizer) 16->54 20 firefox.exe 3 1 16->20         started        24 tor.exe 8 16->24         started        signatures10 process11 dnsIp12 46 192.168.2.1 unknown unknown 20->46 64 Modifies Internet Explorer zone settings 20->64 66 Tries to harvest and steal browser information (history, passwords, etc) 20->66 26 tor.exe 1 20->26         started        48 178.17.170.156, 49760, 9001 TRABIAMD Moldova Republic of 24->48 50 193.11.114.43, 49846, 9001 SUNETSUNETSwedishUniversityNetworkEU Sweden 24->50 52 34 other IPs or domains 24->52 signatures13 process14
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f5f8ba796aab82ddf835d0e16e2d9e8bfe9c0203257e12cecf98e6d7586b08fe/
Threat name:
Win32.Infostealer.TinyNuke
Create hunting rule
Status:
Malicious
First seen:
2021-11-14 02:45:00 UTC
File Type:
PE (Exe)
Extracted files:
102
AV detection:
19 of 28 (67.86%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
trickbot
Create hunting rule
Similar samples:
1eb39c14abcac667ca35cf294bfda8ac6282b93028d830f1665afa2a87cff4ef
TinyNuke
27c7af83c87c02b4dc9c0a8d35d42d48f941ff72b2d9ac59971e0127142d084c
TinyNuke
48f9b4bc2bf75c03449857ff0d6b47c35ab97ed8ba444890ccdd4128d9ae1027
TinyNuke
780426de24ae46f300fdaf9cbf597c8f2164f7b6c525c0bbcc07dca087be768c
TinyNuke
7f2da313a75add2d2762a6f8ef8ca2828fb96661ab726b8aaad79ae5f89577c9
TinyNuke
8f2789b6a628a92f9f6313305b255c405f867c49161bb864263dcfef5a6f712d
TinyNuke
d1597e584fec8eb356aa5c831045b2ce68531e69fe70436fa3ca0d8dd1d90ca7
TinyNuke
e3ac84aeb4c0a6606a5e385327f371c36335954f27ec4151d616fbb73d466e37
TinyNuke
efa78d9ed272969fb2ac62b355f0b9532d20d26ed47d87e3c2d5f1e4b67bbad3
TinyNuke
+ 9'295 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence spyware stealer
Link:
https://tria.ge/reports/211215-tjhskaahak/
Behaviour
Modifies Internet Explorer Protected Mode
Modifies Internet Explorer Protected Mode Banner
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Adds Run key to start application
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Unpacked files
SH256 hash:
c38c6403d3ec97329dd26efa527217c3cf46285a9f0a3c32a88b8968790d1c4c
MD5 hash:
ad83b13ae9b53e4618cf4e552bae1325
SHA1 hash:
bf89329416c3ad71a56eca4d0f5fe5ece32c6581
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
a6805aa8bfe51e088dfb75f8d0e1a517268ee5089414bd5e103364f628615def
MD5 hash:
1426d4df78e8928c605bd0abcedbdadb
SHA1 hash:
e819b2df9228b6b3987a88403724cc07d0f02023
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
a65f27d5516d73731edd03eb582e1e47fc0de374ade070fc32917f4ac16a98f3
MD5 hash:
fc9fb485d22983a88e6d5ef61c3d00da
SHA1 hash:
ceef9a82a870f44891bc8c056aae3b54d74234f9
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
c7c863948dc0337bc616e5340b07009d231abe46c6865d85c26803ad7c55b3b0
MD5 hash:
b0257518ddcc906af50228afd158695f
SHA1 hash:
ba24c633c5442491ad923f45fd57469bef830ea3
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
7b5bab0218a26aa2f612aa5b9880cd2e4e8bdd9d4a90ca9dd3ab0474abf210a2
MD5 hash:
60765952b328f38d3be120ce64904c23
SHA1 hash:
ac6751d21a513151a46a9dbdaa5946ec11f369e9
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
23899ddeb937a8828f9e319aeb54ff7a88641310977db6f3c846a328e6c93d57
MD5 hash:
a372be5bab359a55b3b6c81f48b91245
SHA1 hash:
a05030913e2b798fb92263f43fab9ecc1a77ce36
Detections:
win_tinynuke_g0
Create hunting rule
win_tinynuke_auto
Create hunting rule
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
992150f485241348c16ed54dad1ede662c5b34dd7f82be873413b88b27ff48f2
MD5 hash:
a54c7689bd5ba80870102ec974460865
SHA1 hash:
9a4be1e7f8a1e5b7ab48e340eb71792fd401848f
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
a0f840883b78adc2cd6fe8ae95d900f84a765f5fdeb50d6a8326d087e771f9c8
MD5 hash:
1dd25c557d3c1fb5f2dc79c6276931c7
SHA1 hash:
82b04846787336ddf82d58059708060d2aef9673
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
235ab2903486607dd1a785e3435535a706ae8b0035d8afb688f9b183ecbe3850
MD5 hash:
13cd34cf0b661798e2f39fa51d4ba7d7
SHA1 hash:
411c4df8b44fb3df2ebe9fe9486e048f17f688e1
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
9e95317065b5f8aaf2611fc89230c42667b98c1832a9d241ad5a44f9f55b36bc
MD5 hash:
b678186d550fbad93d999d78674aebbe
SHA1 hash:
3d234d1b2f2e3d47f1215e6f9efafb3981c5cd30
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
7ef0c8e5e545f603d7cd9fd0013048f626f6cabd51d5b53c698021739279dfc7
MD5 hash:
49c90d8ebfb2134f320ca2a567c378a1
SHA1 hash:
1d9adf1949c22e8b45f2d44f44761940b43d456c
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
8148b9bee1cdca5fe6fa8981d77749a105f2acff695142b9925b2c7ac1a5f80a
MD5 hash:
e5bce74ce469b9fa85892b973da70016
SHA1 hash:
01fb82ef6602a0e7a1e22488e6d9ad6dba9151b7
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
13ef29f0b49c23ab4d8c7f243016346d0151b23f5aca656937cbff17d931ade3
MD5 hash:
3bd49337923fc644b8adfad393fab027
SHA1 hash:
833ff99bc2bf0c9c6a7c583f7bb4c3b6aeeb6d39
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
1300a16bcf6e1eba47bbbe34ce13f48d49bc462783a8cba71d266f5ee35cda4b
MD5 hash:
a7428c4a9cedcb8d359c90f6f8bf2af9
SHA1 hash:
db6fb2092e125223ce0f904304eff8b9ff672241
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
e603ade593ebb3cdc53eaa7f5408e3bede483556ec5a6ca15527de7aaf8f278f
MD5 hash:
00a0274079d830250f17d2bd2b293286
SHA1 hash:
d8d5a530f985e4c4f011bcc3483c3fd800504453
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
40880850cf7cb00e455f5846259c60b9daadcb14c42f93e061c93c22a2fa9b33
MD5 hash:
4896837bb17070dd101cef53ea81ad1a
SHA1 hash:
b180dc8af1ff9d5e7dd932b011fe87fd19610adf
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
7390811763509de26f20591038514a000276c3debac9a7e86ec6f1277e7a6767
MD5 hash:
201c4ecd413346b2d2da1b5fae95a348
SHA1 hash:
afbee7ba74ec5b4b415bbb92d96f7d15acd399dd
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
2ee0820ad108a235c62a3d50afe4a49a0ad7569d2f0d1e12725081f43b575459
MD5 hash:
79cfe07f09e2c23abd225720586de2e3
SHA1 hash:
89e2330b68b15684b028b8efd9ee576d09ad1310
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
86c0b92121e6c732eaa075284a5777b8dacd176d0f8de73e0705afe6ab328e59
MD5 hash:
b051abefe1e23d14a6395e1ae92922c3
SHA1 hash:
7642b2ebbfa357ff02a8224ad39156023f57ae33
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
5361a174e6ad59c3de3883406293400d99547c82d5d6772cf1ec818429487328
MD5 hash:
577cf7f6d1bf28f32bfe33f3c4ae12b2
SHA1 hash:
6733f88e71a336ee5296c3f9a6f81980ae6e2d70
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
31819bec7183af670a2441c5590fd6ddeefb826bfc5b461d645f56b017d270c0
MD5 hash:
3daf7f9f1c858b78f089e4e68f4b1e36
SHA1 hash:
3a837b2515e8cb924e953da0df411ca9d5c3e290
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
d8e0e992506dc97af4e4d9a0439c2c6a25569dea8c2b579d5ab44a8a8af5d3a6
MD5 hash:
166da14eb5e486c5b05c1f45b36978e9
SHA1 hash:
330d8e233a97afc1265f64420107e191f6209757
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
9da85faae484a7a1e14627c212e5265d7e8cd141461956478b9b948ba7fac804
MD5 hash:
4f8239ca76f3664887ffe7c50aad57df
SHA1 hash:
2f9193ff47f8ed9876598e5ba3be690ca2c2decc
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
5a39c46b2af58a595cf5d008d23f8f0651d7935e2d70806f949e93791e41d449
MD5 hash:
89d8adf19f3e56906f6ae16ea4e94314
SHA1 hash:
23532ac46a3f2406d4b2c39ed17c1c150d42aa52
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
c4779b81a14f34c481d58a1ec7ef7219a47159c7786d552f67d979eb16b13b6b
MD5 hash:
438e8ae49ba3e9598d4385c766711e9e
SHA1 hash:
15edc81e323da82be4d94e4e61bb3594aca4b390
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
ae869add18ecedfd314c4900dc3a6baf75f2e0f700b7b7459c4e67a86cfbba88
MD5 hash:
56f8a81ee557718de32c77eb9928482b
SHA1 hash:
036bb64f7431109b911689f33bd4c563d4b26b33
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
c77c21b5252a3c388e66843ecdc9f2df7ad29e262c5aca805d4754b3673d1212
MD5 hash:
5b3cf5c8336aefceea93cb3479799add
SHA1 hash:
033f2f524367fd389cf00ed83b5a593856d621a2
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
3d2a4647a066429648da2445a5df1658be4a7317dcfe515eebd9c1b5eff93a88
MD5 hash:
9df74e9e10d581e9e9c5bc7f56a35f10
SHA1 hash:
e0a14e2a7e4aa22bb2dab3442c41b69c2c570ecf
Detections:
win_tinynuke_g0
Create hunting rule
win_tinynuke_auto
Create hunting rule
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
Parent samples :
f5f8ba796aab82ddf835d0e16e2d9e8bfe9c0203257e12cecf98e6d7586b08fe
d890aeafeeac4d6c2d8a1ff8b4d377d9084455a4d46b642da837c05d9b53cdbb
SH256 hash:
d773bfcb55289ea792e5084b477321ef340889518d4d42951e208e58ad30f32f
MD5 hash:
649cd6038a07d05f11962ede23cb698d
SHA1 hash:
13b75f01d631e225b5743fd2c7bf5bb94e012251
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
SH256 hash:
f5f8ba796aab82ddf835d0e16e2d9e8bfe9c0203257e12cecf98e6d7586b08fe
MD5 hash:
9678f52192040cca6b81b322c93685d8
SHA1 hash:
df3fe6d291751de3e8bebdb33d2cd65a3c152d41
Link:
https://www.unpac.me/results/2b45bce3-f04d-4064-b1af-597a2d054f7c/
Malware family:
Sodinokibi
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/f5f8ba796aab/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f5f8ba796aab82ddf835d0e16e2d9e8bfe9c0203257e12cecf98e6d7586b08fe

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/214365/

Comments