MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0793547b9e20fcb33a61abf134a8ffad5967d58377fc432f2a1c4d9ce46aa15e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 4

SHA256 hash: 0793547b9e20fcb33a61abf134a8ffad5967d58377fc432f2a1c4d9ce46aa15e
SHA3-384 hash: fc7ec2f7b1ef7c08751eed65bafbb433cb3adaab0c85d73474cdbe885410ea2f64d1d99d5550654ef83193d0dffbaeff
SHA1 hash: 37dc20ed008998be6253d3137978c2602e7537f2
MD5 hash: 523fe1a6f49760a5efa18375b0fde438
humanhash: florida-south-mobile-music
File name: PAYLOAD.DLL
File size: 395'776 bytes
First seen: 2021-10-28 05:56:38 UTC
Last seen: 2021-10-28 07:24:43 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 1305a15580dc16b03705958fda0bd246
ssdeep: 6144:Ebp2kyWcPB8eDG9VKyFsUGuLKmFvLD88RGNo+umNgo/35edglOX0YRTNR:J+eDAMwdhHvLD81JNgmlOkg
Threatray: 15 similar samples on MalwareBazaar
TLSH: T1EA847C4677A48CB6D82E9279CA538F4AD7B2BC114771C36F4360A35E5F333A15C2932A
dhash icon: 71b119dcce576333 (3'570 x Heodo, 203 x TrickBot, 19 x Gh0stRAT)
Reporter: ankit_anubhav
Tags: 94.140.112.183 exe lsvhy

Intelligence

File Origin
# of uploads: 2
# of downloads: 138
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: PAYLOAD.DLL
Verdict: No threats detected
Analysis date: 2021-10-28 06:10:45 UTC
Tags: installer
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware keylogger packed

Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 64 / 100
Signature:
Creates an autostart registry key pointing to binary in C:\Windows
Injects a PE file into a foreign processes
Modifies the context of a thread in another process (thread injection)
Sigma detected: UNC2452 Process Creation Patterns
Uses cmd line tools excessively to alter registry or file data
Behaviour
Behavior Graph:
Behavior Graph ID: 510747 (Sample: PAYLOAD.DLL, Startdate: 28/10/2021, Architecture: WINDOWS, Score: 64); graph image not reproduced. Processes in the graph: loaddll64.exe and rundll32.exe starting further rundll32.exe, cmd.exe, conhost.exe, choice.exe and reg.exe instances. Signatures attached to graph nodes: Sigma detected: UNC2452 Process Creation Patterns; Modifies the context of a thread in another process (thread injection); Injects a PE file into a foreign processes; Uses cmd line tools excessively to alter registry or file data; Creates an autostart registry key pointing to binary in C:\Windows.
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour: Enumerates physical storage devices
Unpacked files
SHA256 hash: 0793547b9e20fcb33a61abf134a8ffad5967d58377fc432f2a1c4d9ce46aa15e
MD5 hash: 523fe1a6f49760a5efa18375b0fde438
SHA1 hash: 37dc20ed008998be6253d3137978c2602e7537f2
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments