MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 05c74df48acc294f4664a48c2ad643b78168dd92ece54ee32f7113334fc02885. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 05c74df48acc294f4664a48c2ad643b78168dd92ece54ee32f7113334fc02885
SHA3-384 hash: ca9046ff24330aef8fc72711d6eac6466e48975bbed420d2017d41ac6024f48894878c75f514f73d6b2db933d25994be
SHA1 hash: 9efcc8d0f9a3fc6fe46afe52f0275c477b354afd
MD5 hash: 71f7bcdedc1e2660b2ed55390e3b13be
humanhash: hawaii-alanine-alanine-helium
File name:SecuriteInfo.com.Mal.Generic-S.13295.15141
Download: download sample
File size:324'608 bytes
First seen:2021-02-27 09:04:15 UTC
Last seen:2021-02-27 09:47:50 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b5be9911699ff7cd3db3e8298f417173 (1 x AsyncRAT)
ssdeep 6144:kp2dYlUst8yGhRh9BdxQZKPbszLgIxEVpu6apviQ5QYdoSQ8Yac:I2AYbt9BvECb085VQQYdoSS
Threatray 283 similar samples on MalwareBazaar
TLSH 00641209394C1FE0FFE06DF30927E2C95AAC8E2239A09197D0B4B47BB5752A663C7171
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
2
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Mal.Generic-S.13295.15141
Verdict:
No threats detected
Analysis date:
2021-02-27 09:05:25 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/2b1f09c4-a0f7-4939-9626-e29537d1d106

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/119583/
Detection(s):
PUA.Win.Packer.Upx-4
Create hunting rule

SecuriteInfo.com.Mal.Generic-S.13295.15141.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
DNS request
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/620372
Signature
Multi AV Scanner detection for submitted file
Sample or dropped binary is a compiled AutoHotkey binary
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/05c74df48acc294f4664a48c2ad643b78168dd92ece54ee32f7113334fc02885/
Threat name:
Win32.Exploit.DrvDos
Create hunting rule
Status:
Malicious
First seen:
2021-02-23 14:31:56 UTC
AV detection:
28 of 48 (58.33%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
094157797d5445aeefe736030d14515e4cfe9478a52a9f6911728b2e6e343b45
1e2d9254c50c83736eaad6c2ec1bf8cb1c12c1940493e64c09c1826320d00ac4
202d6e7fc1f86f21bd9d35feba81b947f527879afbb5972b51c949099c0dbf28
2ba0f2e22ed07ca3188c898a0c9256fd30e878916ebe669ed52b25cb18d5ccde
340faf52d0d5a1be59ae58a7adc8f2af901275c43902d179ebbc8b427fcfec48
40e054c5c315d144c46e4caab2eb10d61f71c8f3cb97a85e81b96ce6a306463d
796e01b82d47f19cfa0337ae70e8338b1afc999ebe42ce7ee3faf1e15218bcda
e37b9f443aeeb7bc508a9805354e0a91593d00536f61810eccaafbd9e325e347
ee9d9465f960e3d9dc344b9663653b9d6f2ed072586b183124f27d3f902c31f5
f272416d8cc43a319811db7fc8f6ac087785e2a3b173ecfe573b725952dd430f
+ 273 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/210227-3njmgnr1ex/
Behaviour
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Unpacked files
SH256 hash:
31d631ac28dd9de00aee19aa18d52c13e619d600f81cae65156faaacfa16e4f4
MD5 hash:
298a200b36dcc9cd7761cb567fe77201
SHA1 hash:
e1ce030e660d12b75b50d8bc1f891eab87377c28
Link:
https://www.unpac.me/results/b3064c0d-d555-44f9-b87e-5995199ea7b0/
SH256 hash:
05c74df48acc294f4664a48c2ad643b78168dd92ece54ee32f7113334fc02885
MD5 hash:
71f7bcdedc1e2660b2ed55390e3b13be
SHA1 hash:
9efcc8d0f9a3fc6fe46afe52f0275c477b354afd
Link:
https://www.unpac.me/results/b3064c0d-d555-44f9-b87e-5995199ea7b0/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Exploit
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/05c74df48acc294f4664a48c2ad643b78168dd92ece54ee32f7113334fc02885

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:suspicious_packer_section
Create hunting rule
Author:@j0sm1
Description:The packer/protector section names/keywords
Reference:http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/
Rule name:upx_packed
Create hunting rule
Description:UPX packed file

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 05c74df48acc294f4664a48c2ad643b78168dd92ece54ee32f7113334fc02885

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1035229/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/119583/

Comments