MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 08365973a7fef5b23e00d7a8301d072c5d998aa01d41348c57c806effcf7fb1f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	08365973a7fef5b23e00d7a8301d072c5d998aa01d41348c57c806effcf7fb1f
SHA3-384 hash:	64d342e56b94b887fde6d92a53a9f276fa9980c2835beafb11f805afb86f62e882ffbf716b941c09162810de68dcc6d6
SHA1 hash:	c057f0ef16be32deb041d1c45c376d2cda443075
MD5 hash:	bd0b64dba6e56deec1a068912dfbc655
humanhash:	artist-five-artist-network
File name:	SecuriteInfo.com.Win64.DropperX-gen.14310.9849
Download:	download sample
File size:	546'304 bytes
First seen:	2023-08-25 03:29:18 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
ssdeep	12288:wpFytX1Pm2kJhqCBaDyJnaMUnQ3kzwjsfWCS/K0KbG:cFmFwh5BaMaybjUWCxtbG
Threatray	55 similar samples on MalwareBazaar
TLSH	T1BEC4016A2911AA3BDAD04B3EF75C100BC9525C2FFB53B1E5B537ADE2103E011E9059EB
TrID	56.5% (.EXE) Win64 Executable (generic) (10523/12/4) 11.0% (.ICL) Windows Icons Library (generic) (2059/9) 10.9% (.EXE) OS/2 Executable (generic) (2029/13) 10.7% (.EXE) Generic Win/DOS Executable (2002/3) 10.7% (.EXE) DOS Executable Generic (2000/1)
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

257

Origin country :

FR

Vendor Threat Intelligence

ANY.RUN Malicious

Malware family:

n/a

ID:

1

File name:

SecuriteInfo.com.Win64.DropperX-gen.14310.9849

Verdict:

Malicious activity

Analysis date:

2023-08-25 03:43:35 UTC

Tags:

lgoogloader opendir

Link:

https://app.any.run/tasks/d0ed2b00-6814-44f7-857c-f22e40b023bb

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

CAPE Sandbox

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/444625/

ClamAV Detected

Detection(s):

SecuriteInfo.com.Win64.DropperX-gen.14310.9849.UNOFFICIAL

Alert

Create hunting rule

Dr. Web vxCube Malware

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file

Creating a service

Launching a service

Loading a system driver

Creating a file in the Windows subdirectories

Creating a file in the Windows directory

Сreating synchronization primitives

Creating a process with a hidden window

Creating a window

Using the Windows Management Instrumentation requests

Enabling autorun for a service

Blocking the User Account Control

Forced shutdown of a system process

Adding an exclusion to Microsoft Defender

Unauthorized injection to a system process

FileScan.IO Suspicious

Verdict:

Suspicious

Threat level:

  5/10

Confidence:

100%

Tags:

masquerade packed

Link:

https://www.filescan.io/uploads/64e820497444d2eb09f0ad1c/reports/13e2176b-31e6-47ac-8205-8af5c7e32b9e/overview

Hybrid Analysis Win/malicious_confidence_100%

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/08365973a7fef5b23e00d7a8301d072c5d998aa01d41348c57c806effcf7fb1f

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Intezer Malicious

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/534bf214-3296-4431-aaef-a3302147d5f0

Joe Sandbox DotRunpeX

Result

Threat name:

DotRunpeX

Alert

Create hunting rule

Detection:

malicious

Classification:

troj.expl.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1297134

Signature

.NET source code contains very large array initializations

Antivirus / Scanner detection for submitted sample

Changes security center settings (notifications, updates, antivirus, firewall)

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Query firmware table information (likely to detect VMs)

Sample is not signed and drops a device driver

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected DotRunpeX

Yara detected UAC Bypass using CMSTP

Behaviour

Behavior Graph:

Download SVG

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/08365973a7fef5b23e00d7a8301d072c5d998aa01d41348c57c806effcf7fb1f/

ReversingLabs TitaniumCloud ByteCode-MSIL.Trojan.Privateloader

Threat name:

ByteCode-MSIL.Trojan.Privateloader

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-08-25 03:30:15 UTC

File Type:

PE+ (.Net Exe)

AV detection:

19 of 24 (79.17%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ba3fs45h7323epqa26udahihfroztcvadvatjdcxzado77hx7mpq._file

Threatray malicious

Verdict:

malicious

Similar samples:

37efec4c9df42e2a53f73a9923a8e9a1154a790dc5316ec875b5b7640f27d294

3956c21824bc18caca2523381ce3fa113e40d5e7f47bf2a05d65f2a1a27a3f1d

4a4f33afe3086aa1962d92412fc2166c5e6b565087bbe20cc411dfc0e9ded6a0

576ef869c72f3afe6f4f5101f27aeb0d479cae8e5d348eea4e43e8af8252dfd0

9b8c91bfe5d5fd4e42d6aaa029f45bf8654edf6126da3769183c0840fa59abc9

ac8608bc5b4c0f07e986efa1965ea77825ef430b4c7699e569a43877aeebc6a5

b6b11f3f8bfb25580a473ebc62529276c47a05e43c3fc70845df1d8c1c515262

be3324f0d5a2da5608acf864ed8eb35df95081915d10d8f8a81c302747dc7710

e36cf15a41affb3946975d75dfa344a7d01fb02aab6137b085b9a494ed76fed8

e9b89c91baf30931ff00e18e04d957edc7735cbc9e44eec035e8f395f6c4b6dd

+ 45 additional samples on MalwareBazaar

Hatching Triage Unknown

Result

Malware family:

n/a

Score:

  3/10

Tags:

n/a

Link:

https://tria.ge/reports/230825-d2hyaaad6y/

Behaviour

Suspicious behavior: LoadsDriver

UnpacMe

Unpacked files

SH256 hash:

08365973a7fef5b23e00d7a8301d072c5d998aa01d41348c57c806effcf7fb1f

MD5 hash:

bd0b64dba6e56deec1a068912dfbc655

SHA1 hash:

c057f0ef16be32deb041d1c45c376d2cda443075

Link:

https://www.unpac.me/results/07282fa2-6468-4203-9481-f2e4401cd980/

VMRay Malicious

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/08365973a7fe/report/overview.html

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/08365973a7fef5b23e00d7a8301d072c5d998aa01d41348c57c806effcf7fb1f

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 08365973a7fef5b23e00d7a8301d072c5d998aa01d41348c57c806effcf7fb1f

(this sample)

Cape

https://www.capesandbox.com/analysis/444625/

  

URLhaus

https://urlhaus.abuse.ch/url/2706694/

  

Delivery method

Distributed via web download