MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77e4c7c5c57f645f4f9953b7968a3fffa5488068d5f1382a271e9d638f0ef17c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mekotio


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 77e4c7c5c57f645f4f9953b7968a3fffa5488068d5f1382a271e9d638f0ef17c
SHA3-384 hash: 05453a7c514446e206ad719ae9ad457f2fae5f62bde22a3bd8aed7baf1c19618101faefa21f8d4d3e37516db301e1125
SHA1 hash: f1112b4023c74424df9ac417a41e93d60e42fbc6
MD5 hash: 8430c47beeeb40ce828fc6fbd518370e
humanhash: bacon-video-diet-snake
File name:seuvalorizahsq27ujd eckot6.msi
Download: download sample
Signature Mekotio
Create hunting rule
File size:4'110'848 bytes
First seen:2021-06-24 06:11:50 UTC
Last seen:2021-06-24 07:11:15 UTC
File type:Microsoft Software Installer (MSI) msi
MIME type:application/x-msi
ssdeep 98304:iY5ApYMS9pTia9dqtuDYGJsMaevuR23v0sZR:KYd9/dqtuDNJciPss
Threatray 49 similar samples on MalwareBazaar
TLSH AC16F211D37339D9EA67A6BFA1AD0FD18514E4F0A119DA2B333C2BA49ED120A71F3543
Reporter albertosegura
Tags:Mekotio msi

Intelligence

File Origin
# of uploads :
2
# of downloads :
116
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/167836/
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/77e4c7c5c57f645f4f9953b7968a3fffa5488068d5f1382a271e9d638f0ef17c
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/807142
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 439553 Sample: seuvalorizauozoztkh t8cffe.msi Startdate: 24/06/2021 Architecture: WINDOWS Score: 48 11 Multi AV Scanner detection for submitted file 2->11 5 FNPLicensingService.exe 2->5         started        7 msiexec.exe 2->7         started        9 msiexec.exe 2 2->9         started        process3
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/77e4c7c5c57f645f4f9953b7968a3fffa5488068d5f1382a271e9d638f0ef17c/
Threat name:
Win32.Trojan.Bulz
Create hunting rule
Status:
Malicious
First seen:
2021-06-23 03:42:02 UTC
File Type:
Binary (Archive)
Extracted files:
250
AV detection:
5 of 45 (11.11%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
05771ebe7aced89d11a1c750f7b7317214993f8f2b95f400746f0cf82a6ca24f
Mekotio
090875aa772527ebf603d65d2895f4a21e85b150983e9a40ff3d52314f844b70
Mekotio
305e4219ba882107a71ffdef329c5daa7925e5322907cb669471efb0c8009a54
Mekotio
38c4baea01347f88b497f928343cb19d1e68a693369da7cecdde067281e26fa9
Mekotio
6ff7459bb301103727dc8559a89ed94cc6f7a70ca14a39864e0e6ea8bc4a1484
Mekotio
76eab867aae0dcb9ec96ed5fca30fc051ac776981fa997c0b2b0e09905932aa6
Mekotio
873ca576759dec3f2b4f7d0050585eaa36ae0b458f52110e66a7dfcfcb328cfa
Mekotio
9f0d3b49b6eea3eff22dce2838b10e8e3b03c45f31212f8d26ae31cd576f1104
Mekotio
c55d93f8c25e4ed3886cc125f129ded48bf781990a143cbe5996f38fd2ab7fc7
Mekotio
f22ee649e4377d819c87af15623076bc6a28aac49e6d99cf10c9a81d9df766b4
Mekotio
+ 39 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/210624-lnrv7lvzca/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Enumerates connected drives
Loads dropped DLL
Executes dropped EXE
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.25
Link:
https://yomi.yoroi.company/submissions/77e4c7c5c57f645f4f9953b7968a3fffa5488068d5f1382a271e9d638f0ef17c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:suspicious_msi_file
Create hunting rule
Author:Johnk3r
Description:Detects common strings, DLL and API in Banker_BR

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mekotio

Microsoft Software Installer (MSI) msi 77e4c7c5c57f645f4f9953b7968a3fffa5488068d5f1382a271e9d638f0ef17c

(this sample)

  
X
https://twitter.com/JAMESWT_MHT/status/1407910628476469251
  
Dropping
mekotio
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/167836/

Comments