MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1405c3b8c1ddedab092b1c6c0c525a992f83702ca70f69d0bcd98e4f4a17c08b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1405c3b8c1ddedab092b1c6c0c525a992f83702ca70f69d0bcd98e4f4a17c08b
SHA3-384 hash: cdc88c6098c9c29e5500481cfcc7185e7818941f498d6b7a4703d144455c79b487c77f8b3aa96385a0da78fa729c65d8
SHA1 hash: d150075b755437d8643fc7044a494c1758f3c4f9
MD5 hash: 171b0101d8939f1678003322ef736a91
humanhash: december-south-triple-potato
File name:SecuriteInfo.com.Trojan-Downloader.Win32.AutoIt.55.21236
Download: download sample
File size:532'143 bytes
First seen:2023-04-03 04:29:23 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 77b2e5e9b52fbef7638f64ab65f0c58c (12 x Formbook, 2 x Loki, 2 x AgentTesla)
ssdeep 12288:qjGccZo7YdAyz9OWRLyLKaPWZ8CMJ214/PQNtwnRcY3rHuJnmYH1hnmjWhbY:tlZoot9OqyLKaPVwiXQNUuJnmR
Threatray 40 similar samples on MalwareBazaar
TLSH T150B4F156A2485B30DDB20D33A017C87D47223CA5CDBAA65D22C7BA0B653E6F31E37947
TrID 35.7% (.EXE) UPX compressed Win32 Executable (27066/9/6)
35.0% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
8.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.9% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon f0c4b49c9cd8bcec
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
229
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Trojan-Downloader.Win32.AutoIt.55.21236
Verdict:
No threats detected
Analysis date:
2023-04-03 04:42:04 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/90c10b85-9cf8-4a99-90a9-f85bc07e35a1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/379465/
Detection(s):
SecuriteInfo.com.Trojan-Downloader.Win32.AutoIt.55.21236.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a window
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/76192/overview
Behaviour
MalwareBazaar
CheckNumberOfProcessor
MeasuringTime
CPUID_Instruction
SystemUptime
EvasionGetTickCount
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
83%
Tags:
overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/642a565e5a075383fbff2792/reports/9d2fa1c4-5e9f-4bcb-aafd-dff14843e2d7/overview
Verdict:
Malicious
Labled as:
Malware
Link:
https://www.hybrid-analysis.com/sample/1405c3b8c1ddedab092b1c6c0c525a992f83702ca70f69d0bcd98e4f4a17c08b
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/e34da397-87df-4e0a-8f1f-12041ac27111
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1206754
Signature
Changes the view of files in windows explorer (hidden files and folders)
Contains functionality to detect sleep reduction / modifications
Found API chain indicative of sandbox detection
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1405c3b8c1ddedab092b1c6c0c525a992f83702ca70f69d0bcd98e4f4a17c08b/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cqc4hogb3xw2wcjldrwayus2texyg4bmu4hwtuf43ghe6sqxycfq._file
Verdict:
unknown
Similar samples:
10036157527a31b20c614f93ef5ea8101fc843c04704423bcda299b1d1e7c1a1
5161a16217b9d8b9817ad1f6e1020e2eb625bbd6ccf82fbf9423077d0c966aa0
615beea238930be9e92faf8e7394d59d65000beb9728bb8b38f6b31c83e435e8
6c3b8f706293d8462261afe66048575af6798cd0ebaec43f77a742609be0f869
6c72d759129b828faa7ec1928b87e3f7b4379980eebd79ca3d0b3ed721198266
e9a35f03dee73888b8547d4d49977c53c0384b5273a8440b46e41bb54c25f52a
f080bf1c00fb050cc2a92fb17c08cd22d427782c6f47c532a2462ce3325905f0
f5b3bd1e70cfdf95cd20cc360931cd09675fb4c63ea6dfca938454a79f8b1e31
+ 30 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
upx
Link:
https://tria.ge/reports/230403-e4vkjaeb4t/
Behaviour
Enumerates physical storage devices
AutoIT Executable
UPX packed file
Unpacked files
SH256 hash:
1405c3b8c1ddedab092b1c6c0c525a992f83702ca70f69d0bcd98e4f4a17c08b
MD5 hash:
171b0101d8939f1678003322ef736a91
SHA1 hash:
d150075b755437d8643fc7044a494c1758f3c4f9
Link:
https://www.unpac.me/results/47d829f3-9d1b-4aef-9309-ab3ac2e35050/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.28
Link:
https://yomi.yoroi.company/submissions/1405c3b8c1ddedab092b1c6c0c525a992f83702ca70f69d0bcd98e4f4a17c08b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/379465/

Comments