MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 196789f6c613d99136ea8ed3f7c5e10b0f0ab284036d87fdf782824239c26bff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 5 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 196789f6c613d99136ea8ed3f7c5e10b0f0ab284036d87fdf782824239c26bff
SHA3-384 hash: d4db418bf33fd92b0a9188f079998d4b340f459fb062e7b9c0571ac3341924e6385c14cfb08d9077e1ab9464462ce5ee
SHA1 hash: a87aca2a5384cb2e4b1363bad68b7d420ed78b3a
MD5 hash: 4359ec34ab4e88d35bce69b4d904ce8b
humanhash: nineteen-happy-coffee-ten
File name:SecuriteInfo.com.Win32.InjectorX-gen.4494.26110
Download: download sample
File size:3'092'040 bytes
First seen:2023-09-16 16:34:53 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0ae9e38912ff6bd742a1b9e5c003576a (10 x DCRat, 7 x RedLineStealer, 4 x AsyncRAT)
ssdeep 49152:HdgbtUZyw+RgdNpuUA/50UOKa9cCZL2vrcjgeexFkGcurRxnMbAI+FaoYxS5DIj:H0WywNBuUasKqsageeIJIMbAI+FXcSGj
Threatray 93 similar samples on MalwareBazaar
TLSH T1B2E52302BBC145B2D46229372B19CB21BA7C7D312E78C9DBD3549D1DED326E09B313A6
TrID 89.0% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39)
3.5% (.EXE) Win64 Executable (generic) (10523/12/4)
2.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
1.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.5% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
287
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Win32.InjectorX-gen.4494.26110
Verdict:
Suspicious activity
Analysis date:
2023-09-16 16:36:20 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/a57b1d22-5c2e-4135-aa07-5e38c86b8a79

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/449057/
Detection(s):
SecuriteInfo.com.Win32.InjectorX-gen.4494.26110.UNOFFICIAL
Create hunting rule

Gathering data
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-vm greyware lolbin lolbin overlay packed packed regsvr32 replace setupapi shdocvw shell32
Link:
https://www.filescan.io/uploads/6505d93b33582f234ef8f8fd/reports/d6a4d573-bed1-4558-a9c2-55b85196192d/overview
Verdict:
Malicious
Labled as:
Trojan.Uztuby
Link:
https://www.hybrid-analysis.com/sample/196789f6c613d99136ea8ed3f7c5e10b0f0ab284036d87fdf782824239c26bff
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/8896b533-3e88-45da-951d-84f4cdd8c712
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1309478
Signature
Antivirus detection for dropped file
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/196789f6c613d99136ea8ed3f7c5e10b0f0ab284036d87fdf782824239c26bff/
Threat name:
Win32.Trojan.Zenpak
Create hunting rule
Status:
Malicious
First seen:
2023-09-16 16:35:09 UTC
File Type:
PE (Exe)
Extracted files:
18
AV detection:
16 of 23 (69.57%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dftyt5wgcpmzcnxkr3j7prpbbmhqvmueanwyp7pxqkbeeoocnp7q._file
Verdict:
malicious
Similar samples:
1bd1f4a2f04635207558b2c8b98234eba7ef88fd2f3a9823d1ec3dcbed62bded
2810fec0fa1ce5497bacc6ab6f7b13a1396f641fe2466985ae55f742bbb3515c
5dc2b20980fead6b5ae011a1fc8d9f7564193f01ce8881440acd2aee0426a06c
89abc14445a61a815bd5cd3c2e7e8971b6e4a51d00b3b861f2c0ca9bdd785ccb
a76e2528c8f137a894a670c34b820f4ee245584825568c7fff6708a57455d7d9
bccd4c8104367f0d9f96167c71f5ec348f163ede23e31cb86cfde28e2d3132cf
c0ca3b7b303eb521724a9304137fc6a0c4b41b1f0af8c42da41275f17a880114
cc46dcaf1c9f9be0e98058eb356f0a6f5a776d86770f313ad6a07d2a807f0020
d92b5b079600e4b7db2b17374ce0f2e20e077a28f9275c5054b857de09377745
e91296156cd506f7a152db4e4beac1c56ce03676f16db637c97cd135038409ff
+ 83 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/230916-t3nsxsbh2x/
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Loads dropped DLL
Unpacked files
SH256 hash:
f162a85c35801a041cdd751a19f8b71360a8c8ad3d4b89a6f77f309ab72daeed
MD5 hash:
8be31f051babd1cc26cbf2dc5c1b02f0
SHA1 hash:
923145c973115e5084952cbfd12fb23bb912febd
Link:
https://www.unpac.me/results/b5374930-bf88-49f0-b8d3-b488aa68655e/
SH256 hash:
196789f6c613d99136ea8ed3f7c5e10b0f0ab284036d87fdf782824239c26bff
MD5 hash:
4359ec34ab4e88d35bce69b4d904ce8b
SHA1 hash:
a87aca2a5384cb2e4b1363bad68b7d420ed78b3a
Link:
https://www.unpac.me/results/b5374930-bf88-49f0-b8d3-b488aa68655e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/196789f6c613d99136ea8ed3f7c5e10b0f0ab284036d87fdf782824239c26bff

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:maldoc_find_kernel32_base_method_1
Create hunting rule
Author:Didier Stevens (https://DidierStevens.com)
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SEH__vectored
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 196789f6c613d99136ea8ed3f7c5e10b0f0ab284036d87fdf782824239c26bff

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/449057/
  
URLhaus
https://urlhaus.abuse.ch/url/2712020/
  
Delivery method
Distributed via web download

Comments