MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 009872e5b21683527af8fe77f920398924fc34e443537fe97a896f8c26cb466f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 009872e5b21683527af8fe77f920398924fc34e443537fe97a896f8c26cb466f
SHA3-384 hash: 6b6c3f8d55d2de228f543d45d4774a5fc49120b05e4c8e2b254e83d845cb4fd603279993cbbf4c7e4c375b308856b931
SHA1 hash: 34556314b4f1e264f7d6fc157066de6102e1f3b0
MD5 hash: 737c3d0998d9424c0e199bc860983d90
humanhash: lion-illinois-missouri-steak
File name:SecuriteInfo.com.Trojan.MSIL.Crypt.25575.3241
Download: download sample
File size:4'943'872 bytes
First seen:2023-10-16 09:32:00 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 98304:KX4L6BcT07oh1XievAysrRPuGFd/x8fFU6fvsk:a4mYuorLQd/dWUGs
Threatray 3'313 similar samples on MalwareBazaar
TLSH T1083612CF7F847A52DE7E5174E08221048AEEC55E1281F7DA6CE0EDBE951333DA822E51
TrID 56.5% (.EXE) Win64 Executable (generic) (10523/12/4)
11.0% (.ICL) Windows Icons Library (generic) (2059/9)
10.9% (.EXE) OS/2 Executable (generic) (2029/13)
10.7% (.EXE) Generic Win/DOS Executable (2002/3)
10.7% (.EXE) DOS Executable Generic (2000/1)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
294
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Trojan.MSIL.Crypt.25575.3241
Verdict:
Malicious activity
Analysis date:
2023-10-16 09:35:13 UTC
Tags:
payload
Link:
https://app.any.run/tasks/70d80896-cc9f-4268-a23b-0dade3e6eb11

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/454803/
Detection(s):
SecuriteInfo.com.Trojan.MSIL.Crypt.25575.3241.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Sending an HTTP GET request
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
masquerade overlay packed
Link:
https://www.filescan.io/uploads/652d0313a29a700213a36d60/reports/d52a70e8-8da5-4324-a91b-aea36cc0e8bb/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_90%
Link:
https://www.hybrid-analysis.com/sample/009872e5b21683527af8fe77f920398924fc34e443537fe97a896f8c26cb466f
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/90885dc3-11bc-43dc-98af-ce69e9477454
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/009872e5b21683527af8fe77f920398924fc34e443537fe97a896f8c26cb466f
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/009872e5b21683527af8fe77f920398924fc34e443537fe97a896f8c26cb466f/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-10-16 08:40:00 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
3
AV detection:
9 of 23 (39.13%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=acmhfznsc2bve6xy7z37sibzrespynheinjx72l2rfxyyjwlizxq._file
Verdict:
unknown
Similar samples:
0634d2afee669d7d5c5193ec04ef7db10b5b9edc9deaa3731143687b8221c6b5
1acf701fe129149fc33c5431899d83aa64fd31ad0b241ed83ea8ab1673eff6db
22224f65c07515b2f61e29f7f1a14005d0de54378aa925d9e017bb2ac26b5395
257891b32e5b952cf172a11affd291e4964ec9c1b24e51e174a4146503f8164a
6ca768e186aca34cce8eb9a3283f2a17a28f9b81281d464a3c80561b4fbaf066
9554e7ef83f9c1aabed52be7a308d7e25c99e7d71e006146aee045d29784f92d
a151dc5591395591d37f55a184a3b9f37e1ea1065ad7acdc2ad88b73654e8719
+ 3'303 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/231016-lhlttsdb4s/
Behaviour
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
009872e5b21683527af8fe77f920398924fc34e443537fe97a896f8c26cb466f
MD5 hash:
737c3d0998d9424c0e199bc860983d90
SHA1 hash:
34556314b4f1e264f7d6fc157066de6102e1f3b0
Link:
https://www.unpac.me/results/76a22ccb-c628-4d2b-be00-d6ed86ec839d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.69
Link:
https://yomi.yoroi.company/submissions/009872e5b21683527af8fe77f920398924fc34e443537fe97a896f8c26cb466f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:pe_no_import_table
Create hunting rule
Author:qux
Description:Detects exe does not have import table

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/454803/

Comments