MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1328068f60ae57dee66492ad6d1dfc2cb759622a801552811998162f4ee11108. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	1328068f60ae57dee66492ad6d1dfc2cb759622a801552811998162f4ee11108
SHA3-384 hash:	090a96722acfe6063bed3fe6e9f0125b64bfcfa327000ebd1b8d1b758947b9029f12c051b954534ee2992f536e0ca8f0
SHA1 hash:	1dfd6886e58862a88d44652f9c09e40a5b43f604
MD5 hash:	5075663ec7db591721d138fb69ea3df3
humanhash:	william-butter-timing-autumn
File name:	file
Download:	download sample
File size:	19'456 bytes
First seen:	2023-06-21 16:03:40 UTC
Last seen:	2023-06-21 18:38:34 UTC
File type:	exe
MIME type:	application/x-dosexec
ssdeep	384:EreuS6ZJtVyDpM62PY+WeLABichh0Ja2noSv7mZEd65d1rdyDjXjlLH27NAqAR:wSEJ7OM62PYbEAWOD10XTx2hAqAR
TLSH	T1AE924B19739C8337ED5F463AA97122C007BDF7A73643A72B8BC620C659633685B425B3
TrID	44.4% (.EXE) Win64 Executable (generic) (10523/12/4) 21.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 8.7% (.ICL) Windows Icons Library (generic) (2059/9) 8.5% (.EXE) OS/2 Executable (generic) (2029/13) 8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter	andretavare5
Tags:	exe

andretavare5

Sample downloaded from http://85.217.144.228/files/123.exe

Intelligence

File Origin

# of uploads :

# of downloads :

276

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

file

Verdict:

Malicious activity

Analysis date:

2023-06-21 16:06:27 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/694c3dc1-a1ec-4189-8e31-892e8ed8f450

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/401470/

Detection(s):

SecuriteInfo.com.Win64.DropperX-gen.30120.134.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

DNS request

Sending a custom TCP request

Sending an HTTP GET request

Creating a file

Creating a service

Launching a service

Loading a system driver

Creating a file in the Windows subdirectories

Creating a file in the Windows directory

Launching a process

Enabling autorun for a service

Forced shutdown of a system process

Unauthorized injection to a system process

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/64931f73a746170017b793d5/reports/05dc6e75-67fd-40f1-a36e-6c7d304629e6/overview

Verdict:

Malicious

Labled as:

MSIL/GenKryptik_AGeneric.AAV trojan

Link:

https://www.hybrid-analysis.com/sample/1328068f60ae57dee66492ad6d1dfc2cb759622a801552811998162f4ee11108

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/5b2a7275-bac1-4e27-bf6c-dae652e02723

Result

Threat name:

n/a

Detection:

malicious

Classification:

expl.evad

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/1259181

Signature

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sample is not signed and drops a device driver

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected AntiVM3

Yara detected UAC Bypass using CMSTP

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1328068f60ae57dee66492ad6d1dfc2cb759622a801552811998162f4ee11108/

Threat name:

Win64.Trojan.Privateloader

Status:

Suspicious

First seen:

2023-06-21 16:04:05 UTC

File Type:

PE+ (.Net Exe)

Extracted files:

AV detection:

13 of 24 (54.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=cmuand3avzl55zteskww2hp4fs3vsyrkqakvfaiztalc6txbceea._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/230621-thxkbsbf2w/

Behaviour

Modifies system certificate store

Suspicious behavior: LoadsDriver

Suspicious use of AdjustPrivilegeToken

Unpacked files

SH256 hash:

1328068f60ae57dee66492ad6d1dfc2cb759622a801552811998162f4ee11108

MD5 hash:

5075663ec7db591721d138fb69ea3df3

SHA1 hash:

1dfd6886e58862a88d44652f9c09e40a5b43f604

Link:

https://www.unpac.me/results/00c801a3-a4c2-4dce-826a-f7da5db48e7c/

Malware family:

SmokeLoader

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/1328068f60ae/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/1328068f60ae57dee66492ad6d1dfc2cb759622a801552811998162f4ee11108

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by

PrivateLoader

Delivery method

Distributed via drive-by

URLhaus

https://urlhaus.abuse.ch/url/2627614/

Cape

https://www.capesandbox.com/analysis/401470/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample