MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a13da7cc0931554afcbf601ce65f4abc540683a0c58406ef5807697fd4bfadc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	1a13da7cc0931554afcbf601ce65f4abc540683a0c58406ef5807697fd4bfadc
SHA3-384 hash:	6d995bd10bae50da61f00065ca396915f1247170fbabdb72a12fdbd4477bd900e97a13a5ed671c6ffaccf7b3f93b17d7
SHA1 hash:	4c63b8bff2bda49479c8aa72a3e8940bf235daef
MD5 hash:	d35ec62290a2027d892822ff9cfda4be
humanhash:	rugby-island-pasta-alpha
File name:	SecuriteInfo.com.Win64.HacktoolX-gen.10384.15523
Download:	download sample
File size:	13'339'664 bytes
First seen:	2024-02-07 23:29:29 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	1d1c346967b3121c3be46dbe3c415521
ssdeep	196608:H23Zml5fI/7aGDGTeYrDpOgPodbCoBhrDvipJ/avQ507JYW6itzkKO/sPw:MmlG/7a7kgPo55BhXvipJQkMYW6i1ksY
TLSH	T121D633683AB50F5DD1A99AFF97643C1BC56B9EB05DC32677CF0A8C2E4D1AC680249343
TrID	45.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 18.3% (.EXE) OS/2 Executable (generic) (2029/13) 18.0% (.EXE) Generic Win/DOS Executable (2002/3) 18.0% (.EXE) DOS Executable Generic (2000/1)
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

307

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Win64.HacktoolX-gen.10384.15523.UNOFFICIAL

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

lolbin packed shell32

Link:

https://www.filescan.io/uploads/65c41280186112aa12a38ddc/reports/6177bc78-1e55-4918-b7bb-d6575fcfc02a/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/1a13da7cc0931554afcbf601ce65f4abc540683a0c58406ef5807697fd4bfadc

Result

Verdict:

MALICIOUS

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/ea545386-6e5c-4402-b346-444b9e4e3489

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/1388718

Signature

Hides threads from debuggers

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

PE file contains section with special chars

Query firmware table information (likely to detect VMs)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/1a13da7cc0931554afcbf601ce65f4abc540683a0c58406ef5807697fd4bfadc

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1a13da7cc0931554afcbf601ce65f4abc540683a0c58406ef5807697fd4bfadc/

Threat name:

Win64.Trojan.SpyLoader

Status:

Malicious

First seen:

2024-02-03 07:19:42 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

12 of 24 (50.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=dij5u7gasmkvjl6l6ya44zpuvpcua2b2brmea3xvqb3jp7kl7loa._file

Verdict:

unknown

Result

Malware family:

n/a

Score:

9/10

Tags:

evasion trojan

Link:

https://tria.ge/reports/240207-3g5zrabd44/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Drops file in Windows directory

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks whether UAC is enabled

Checks BIOS information in registry

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Unpacked files

SH256 hash:

1a13da7cc0931554afcbf601ce65f4abc540683a0c58406ef5807697fd4bfadc

MD5 hash:

d35ec62290a2027d892822ff9cfda4be

SHA1 hash:

4c63b8bff2bda49479c8aa72a3e8940bf235daef

Link:

https://www.unpac.me/results/921502f1-454b-4c32-93ac-318e27330369/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.24

Link:

https://yomi.yoroi.company/submissions/1a13da7cc0931554afcbf601ce65f4abc540683a0c58406ef5807697fd4bfadc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample