MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ec76ecb58f5ec6d02f2b125102c9fe613891582a7607535a39e1b598cbfc5622. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ec76ecb58f5ec6d02f2b125102c9fe613891582a7607535a39e1b598cbfc5622
SHA3-384 hash: cd1812ebe4b2bffa2c3eb40543c1a6c96837a0c199223200af0ec05be98fa17aa05946384dd4a938b7890e6d5d996585
SHA1 hash: c7afaebf1432f1f38bf2c639c7d15e55c91efcf3
MD5 hash: b6d3e8b5df276225dff0a622891166a0
humanhash: alpha-beer-oklahoma-queen
File name:MpCmd4.exe
Download: download sample
File size:2'649'956 bytes
First seen:2022-07-14 11:10:20 UTC
Last seen:2022-07-26 23:43:34 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash fc0a0ccf35c1d9735dffd13fa76ecf54
ssdeep 49152:0sYbb7Ffj/Tksb/OkGhjFVrBFl+mewjvKF9npB:03wsb/OkGhjFVrBFl+metF9npB
Threatray 2'291 similar samples on MalwareBazaar
TLSH T19BC51A436ACB0DEAC9D66BB4A1D31335B778FD608B2A5E3F6608C6350D536C4AD1EB40
TrID 43.3% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
27.6% (.EXE) Win64 Executable (generic) (10523/12/4)
13.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.3% (.EXE) OS/2 Executable (generic) (2029/13)
5.2% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter r3dbU7z
Tags:exe

Intelligence

File Origin
# of uploads :
4
# of downloads :
271
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
MpCmd4.exe
Verdict:
No threats detected
Analysis date:
2022-07-14 11:27:26 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4bc4d232-de75-4417-b318-c872247122db

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/289105/
Detection(s):
SecuriteInfo.com.VHO.Trojan.Win32.Injuke.gen.23401.2235.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
Searching for the window
Sending a custom TCP request
Launching the default Windows debugger (dwwin.exe)
Unauthorized injection to a system process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug overlay rozena spyeye
Link:
https://www.filescan.io/uploads/62cff9ca8dab2096b998d4e8/reports/d911cdf3-b4d9-458c-be70-75425b717564/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1031307
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ec76ecb58f5ec6d02f2b125102c9fe613891582a7607535a39e1b598cbfc5622/
Threat name:
Win64.Trojan.Shelma
Create hunting rule
Status:
Malicious
First seen:
2022-07-14 11:11:10 UTC
File Type:
PE+ (Exe)
AV detection:
9 of 26 (34.62%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5r3oznmpl3dnalzlcjiqfsp6me4jcwbkoydvgwrz4g2zrs74kyra._file
Verdict:
malicious
Similar samples:
054498f9520c77728c723a72e1657dd9371090e8c9ac67b53e888e5c0d03afed
0555b34b40f176362f5b9e070253358d8faec831f9675c03adfdb2929d168ee8
260191afe0e066cf63b69262018f62ac4d3fa02cd2188440f9d678de671772ff
40a4f84e519d5f19e8dcdd291c0044d0f260cfec720e065bee9644b8ed2e2491
4491bb41f0c1b41f17964834db747576ef873f9d1a999e2b78f39e7798281ee4
5193e7d006b375ac296ea34ab8917842faf6e0eeea196ad9319ea28d8ffcab30
5e37ccb3f0327957d04963703bdc9e31a121da9d44ef83abcbb388165e76d5db
b29b0f2a27ccbb9f12363a3dde1f2d2373fdc782232f4804f0abffbb8daf9d25
c65c51ed60f91a92789c4b056821ef51252baa2a1679a6513ab008acf0464ccb
e8b1a240c6fad4dd2e7bd0b08a0681131f2804d64d58869e60ad333cddc58cb0
+ 2'281 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/220714-m99kmsfgdq/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of NtCreateUserProcessOtherParentProcess
Unpacked files
SH256 hash:
ec76ecb58f5ec6d02f2b125102c9fe613891582a7607535a39e1b598cbfc5622
MD5 hash:
b6d3e8b5df276225dff0a622891166a0
SHA1 hash:
c7afaebf1432f1f38bf2c639c7d15e55c91efcf3
Link:
https://www.unpac.me/results/d12d5ed0-a417-4d4e-a90d-e0c2d3211b4d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/ec76ecb58f5ec6d02f2b125102c9fe613891582a7607535a39e1b598cbfc5622

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe ec76ecb58f5ec6d02f2b125102c9fe613891582a7607535a39e1b598cbfc5622

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/289105/

Comments