MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fdf5f9635c047cde3c096139490f3462d03434986b1450ca5f01be74e1f5b559. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fdf5f9635c047cde3c096139490f3462d03434986b1450ca5f01be74e1f5b559
SHA3-384 hash: 7855a8394fe65fb21181dd1e12ae0b251ad3169efce67abfb4f51a50fe98a1cc4190393d4567f7d3494c2ed20f0bafcf
SHA1 hash: 457e69a75a56bc9dfd414ea7aa52b732396a463d
MD5 hash: 9f1331b4968f26255e5331cb003ff25d
humanhash: item-louisiana-pasta-juliet
File name:SecuriteInfo.com.Variant.Razy.463744.1299.18235
Download: download sample
File size:2'766'336 bytes
First seen:2020-05-14 16:41:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3e1b04bd8e17b7d3aac3836726168286
ssdeep 49152:hjAYzPy6TG23uHMTebq0aNFA9X92JTaYaNELceKg:hjzLy6D3usTe+VNFA5EJTaYaNEQ
Threatray 1'017 similar samples on MalwareBazaar
TLSH BFD5332CBDC436A0C3C8D2B2910FF780C9B5F52D4C042B552CAB9B8B995F6DB9B75258
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Razy.463744.1299.18235.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Clipbanker
Create hunting rule
Status:
Malicious
First seen:
2020-05-14 14:12:48 UTC
File Type:
PE (Exe)
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
33ffacc3e517f4f1dad47f1ca28d26188e202d5e2e300e1e71bc0a57e682292a
389875d4c35ff8da276f122cb6b4ebd1b1d65ce5da5c05defefaf40c2609dbaf
433811102726bc15416ca338a2df55ec1daaf3f2565ee00d7f6484064746fb30
610ef8befe605dd4ba3277c221c25932ffd6e1b939728da70ebd0d1b96fddaa4
7c2bcbc90aad473e93b52051f11b1c1d8f3d9436b7d95b49e1ca4c7c835b0115
9b2ad325e0cda26d0cd3769bea307050581d5c38d40d1281ff7e6b56420369cd
b56f704d8baea24179931e0f4efe389e4fb6175c7fb83c49d31aac5ab1e00a03
d6ba040d10d1fb8e0f6a8b1d5378be566f6d3816bf1a00fb3e0bb6eed29346b2
daac1aafd4f0f7b1e1e0112e913285543d73179216bc42cdf67036dae67955f0
e9e9a0314ec1302997e3382807436f43a70e0dc2c165aafa6b5b8f3856d04d0d
+ 1'007 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
evasion trojan
Link:
https://tria.ge/reports/201109-tanx51twte/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks whether UAC is enabled
Checks BIOS information in registry
Drops startup file
Loads dropped DLL
Executes dropped EXE
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe fdf5f9635c047cde3c096139490f3462d03434986b1450ca5f01be74e1f5b559

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/362659/
  
Delivery method
Distributed via web download

Comments