MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e4fbfd2d0e55900fa186a07514f75b7acfb7fc04d25fb9f61ba133fc49a49c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 13


Intelligence 13 IOCs YARA 24 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1e4fbfd2d0e55900fa186a07514f75b7acfb7fc04d25fb9f61ba133fc49a49c7
SHA3-384 hash: 33a3d0a7764984aaaa9f2e736a1fa1f96f279d1bbccdc512a2a938e27cf099782bebd0d99cabd79100534f8adf965d06
SHA1 hash: 1d1f776319d3a6c9bb043ac68b5fce2e0671d529
MD5 hash: 128fb0b0d092116e645d8ec817e271e2
humanhash: friend-georgia-two-coffee
File name:SecuriteInfo.com.Win64.Malware-gen.81569512
Download: download sample
File size:14'398'646 bytes
First seen:2025-11-20 15:41:32 UTC
Last seen:2025-11-20 16:33:08 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 70d2e884fa127843c5bcbb53da86b6c8
ssdeep 196608:BKx5ZkerI1dc9irWBGFGJ+5vIKe2xoxki4dcekYoX:BKxapWfkNItKoei4dS
TLSH T1F9E6AD02F3F802A8E9BFC278C5665517D7B278591720DBDF159486A92F33BD09E39322
TrID 32.2% (.EXE) Win64 Executable (generic) (10522/11/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4504/4/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
106
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Win64.Malware-gen.81569512
Verdict:
Suspicious activity
Analysis date:
2025-11-20 15:48:48 UTC
Tags:
loader
Link:
https://app.any.run/tasks/a12b80b0-348d-43d8-bb96-2d8322128d50

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/38861/
Verdict:
Malicious
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=691f36ec8cf6736ec0afc35c
Tags:
dropper trojan extens
Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Sending an HTTP GET request
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Creating a process with a hidden window
Sending a custom TCP request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug fingerprint microsoft_visual_cc overlay overlay
Link:
https://www.filescan.io/uploads/691f37186724df90c528e447/reports/2b05a6f8-5c7f-4ac0-93b5-094de20b9d40/overview
Verdict:
Suspicious
Labled as:
Application.Tedy.Generic
Link:
https://www.hybrid-analysis.com/sample/1e4fbfd2d0e55900fa186a07514f75b7acfb7fc04d25fb9f61ba133fc49a49c7
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-11-19T05:07:00Z UTC
Last seen:
2025-11-22T10:20:00Z UTC
Hits:
~100
Link:
https://opentip.kaspersky.com/1e4fbfd2d0e55900fa186a07514f75b7acfb7fc04d25fb9f61ba133fc49a49c7/results?tab=lookup
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/adfb9eb7-094c-4ba4-87bf-8d1d7f18bd6a
Score:
95%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/1e4fbfd2d0e55900fa186a07514f75b7acfb7fc04d25fb9f61ba133fc49a49c7
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1e4fbfd2d0e55900fa186a07514f75b7acfb7fc04d25fb9f61ba133fc49a49c7/
Threat name:
Win64.Trojan.Egairtigado
Create hunting rule
Status:
Malicious
First seen:
2025-11-20 08:06:09 UTC
File Type:
PE+ (Exe)
Extracted files:
74
AV detection:
15 of 38 (39.47%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dzh37uwq4vmqb6qynidvct3vw6wpw76ajus7xh3bxijt7re2jhdq._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/251120-s5jfjshl4s/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Checks computer location settings
Executes dropped EXE
Downloads MZ/PE file
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/f3bebbf6-e8a3-4ed8-98c6-fb224ffff38c
Unpacked files
SH256 hash:
1e4fbfd2d0e55900fa186a07514f75b7acfb7fc04d25fb9f61ba133fc49a49c7
MD5 hash:
128fb0b0d092116e645d8ec817e271e2
SHA1 hash:
1d1f776319d3a6c9bb043ac68b5fce2e0671d529
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
a1b82c92fd57f841aedcba84c165aa70990c654d7161e9892c09f9ffb9e82f55
MD5 hash:
65f97269fbaeb1a99ffe4d6751073216
SHA1 hash:
29a088457895b17c505bc04725d9f9ab52e917d1
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
c64ef77c3e5d152f22313f725cf90ae0d452362e2357c6b01419b378a43f3f93
MD5 hash:
e2fa7a9b5431cd463cf397899b881103
SHA1 hash:
70c4d72d29cad58f35252bf52e0c3eea4e27b5cc
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
a45ab062d1f6f7c09200f325d9ea0b302251a11755174a615da6e98f92e0a8b7
MD5 hash:
6402217afc94282610fe63625c551551
SHA1 hash:
74226636d79e1d0c30b871a5079807afeca0289a
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
66db2a8bc5d96dde88442ef89823a7ac5d3c6f98d617495df7a115c545d941bb
MD5 hash:
212e68ef60aa9293fb1b38af477c3b90
SHA1 hash:
a58d3d5179ea49034d4bab0b93d4eb14f94134fb
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
0f221f7f539770c4b79edf4eaca182e3b0c059f3cec77657b45c0a5bfbd23953
MD5 hash:
862d0e6117687c8cd6be4807690e05f6
SHA1 hash:
05a746363567ad590878a92cd2faec9e6b389c26
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
b1df957efcef6421ab55c115f09a1e368e02faa03f6cf53cbd951e51bdb1236d
MD5 hash:
a54350256ef0397cf632bfb26204ded3
SHA1 hash:
98ef9c6339880f70a232556c04e02738ee110136
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
356170610cff787d08c5d9240567cedfff373848ad6858effbc5504b165cc83d
MD5 hash:
5273157313e5fa9173f1c62f1a2a0fd2
SHA1 hash:
203b990b537ad18f1e0967d1587ffb6a5d472dc2
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
67012cf8bf6f4e2ae34842645514601ba2dd653eddf33e71155b1924db15ce1d
MD5 hash:
70c362dd00c54a8860c57dd896559298
SHA1 hash:
3ca459ad82e4c23a914b344679c542637057a0c5
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
728379ddaa9bf33f88d8f27bf49d1b2a364a02f8430d24b6e20732cb42818b89
MD5 hash:
bece81b3ff78990d577c74a4d5784120
SHA1 hash:
3c6e66d048d3168b8bd3e5b8d5bbe17716db4356
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
8fd5641aedc27b526f4d3e56b4acf5438f2bb290a2595cc02c4e0374afac7c4a
MD5 hash:
a7c1bf9b407f355b1c042ff65b3d8380
SHA1 hash:
171ab6d5f342cf849a26d41314ca8ebadf88bfeb
Detections:
SUSP_NET_Large_Static_Array_In_Small_File_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
38dce44eaf8560fdcd8401ba8a369a911f24a1ad5d26899505319ae3131a73af
MD5 hash:
87f50cd05058e9f2b22d948f4cf9e202
SHA1 hash:
a35a4ba381991d9f8c449b96de683b85fdd80ff2
Detections:
SUSP_NET_Large_Static_Array_In_Small_File_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
c9147621c066c304f6549de2581330009be655744d6111ba13aac6f7b75589f1
MD5 hash:
2711e20f91b43d14f1891e8031becd36
SHA1 hash:
7c4f66c4d81c3e8595ecbca7fe1283bfa3e60c0f
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
6f96b95af03e771ce9d8411014635de7d56db74fe5b34582798d813b70507e2c
MD5 hash:
4bc209d2a82ab865eaa877b6bf7f966a
SHA1 hash:
0246d92ac6dbe8ce958d2467cba46022cd89dd41
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
d44f2065cd39572073e0996215bb51f6c0e8609c7386ca6cdc62ebf298d4530f
MD5 hash:
e65f2a6603f611a494183466b4d1ec28
SHA1 hash:
6d4085410efaed14f4358bd5817b90ccd028e23f
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
254aa94687192f1296d2ff03a2110f82bdca84c7638e905a8af4b4df2e4502b3
MD5 hash:
a89ed521305f53b851f62c7be2ba01f4
SHA1 hash:
00803565d989a3ce92aa1cae67c0cc30a2e28ca8
Detections:
SUSP_NET_Large_Static_Array_In_Small_File_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
ed0aae9f0233e2790813b865ea95584635b075677a49d63493be5f99103f0aa3
MD5 hash:
1f962b8c8b642c62742c0cb8b18b5958
SHA1 hash:
4ae5463d54130b78ce39c40d7e61bcb030cfc135
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
9624f7f846db00af2b919e43a17746bf24a051b0f37658d5e303c87b79ca32b5
MD5 hash:
819221880029747a7313a628d99f3fe9
SHA1 hash:
d8056cf19422fa54c5b0790e159777b0bb865d76
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
5ceb284d48cf73334f181ad377bd45eada622f1d68e28ba37c3aefe23b03f6d0
MD5 hash:
649684912298499efcc6a6a916abfcc6
SHA1 hash:
08d1b16621b48e8820423b38c1a70e07a35963da
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
f39edaab123ebf689a0406530d4303974e8ce2743dd11073aecddac838307124
MD5 hash:
a7eec74be93c1ede2d085722473f1172
SHA1 hash:
73f9d3f06b29d75fcb6be61bcb884710215b92d1
Detections:
SUSP_NET_Large_Static_Array_In_Small_File_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
61ed5c8181f0a35af3976951cc2c1d50073805766fcb813bfb9db04efbab7e46
MD5 hash:
284ff0434d744de1fbc35e6bf48424ce
SHA1 hash:
30f8461c164dfd73b77914e0da4c3e141cdaeb7d
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
4836edd4ca6401718d3042b67c010924dcd9cb794f7da34db5be9d016ffc7501
MD5 hash:
d49952af6274571cfc456a72dfb1ce07
SHA1 hash:
8c09e35c8acf335226058bc6aec2e8ff2ddca03c
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
6f4371d6ac9239111cffd51a07a14cab979efce09bb356159fe3a225c98b57c7
MD5 hash:
5bb1ec1d60e688497224639df32e82a8
SHA1 hash:
f32a5479823096abbb542cc0210c1bdcc133fee9
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
719f181140372eb2cae46ee0dd77769d49a5dd1c5fdf28b379c8f3784ab6f869
MD5 hash:
c0dd7aa827e05bf5d150517f4544ad9d
SHA1 hash:
cf2b73ea8dfe43ecc9dfe438c996a5e9c7fda704
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
728fa610a0ca6d22a737c4bcf7687343c64bdb785564b2e005dea48c3e34b452
MD5 hash:
09de83af39d0b846cebb556f3d22c59c
SHA1 hash:
4a62381125cf4ccf6dc672aa9703c78ea30db0f9
Detections:
SUSP_NET_Large_Static_Array_In_Small_File_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
c3f24380c4c0ba9e4acab3aeac46e99b282b868df07452f476fdc2f72ea1fd1e
MD5 hash:
166811356b6c6ff28b93e4ddc84df8d2
SHA1 hash:
26d9cb05ec901b27fc354fa830d5c464c0c69c78
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
389cef344864d5a96c1930f82f7d228243f7da2e669942019bed0769d4a1ad7e
MD5 hash:
0d81c3b55f147119c23a6bcec68f7c93
SHA1 hash:
843b3e0bc2accc9ba9ee9f8092f27962ccf49c11
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
c4c706a25775ac5d611be3936cef45539652a59fba8526a9f21b25aa13848018
MD5 hash:
7e844a1b5d41a4a73fa961d609cc406a
SHA1 hash:
a86a946a2be7eb63bf3ccf7db7620a3a5fd93e39
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
2869c6b4f53c988ed15b7d104422211138cbfeaa3d6e7b16a023bb00d94b2109
MD5 hash:
c27c2778877bcaab9b0bce838879a5c8
SHA1 hash:
161156397c7d0f593ac5a8eaa4e4759d674c15b6
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
4fd00d39fe2838952f5069b447996cee5fc8ebeb771984d8606b21206f714e17
MD5 hash:
7ec8a66e82afe8b515f3134ea1792f1c
SHA1 hash:
31686fe077943974d6789cfeb696776bfcf35b3c
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
35c13aa141e9b1e01ac9ecb131e9f2cae309f8d399cb634dfd84d338b4286ca8
MD5 hash:
941ef5d750a484f15b5b117b2c73a60a
SHA1 hash:
b789ef78b1c71b4371a0a1c385f1ebf53eaff84a
Detections:
SUSP_NET_Large_Static_Array_In_Small_File_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
24ab84af349c1bf9d1bda35a3087ad2e41d6066197b577d16a7e6ea8b383046c
MD5 hash:
918c0d2e54b786c871632e08836ffcba
SHA1 hash:
fd9860d622753a80a9ed3846a4836aba0e907af7
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
04f98663b0d6e57ba2817abd31c485d6b5ed3ab743fd69517221cb5e7490607d
MD5 hash:
30c894242dc068e34bbb3abcb5056b9b
SHA1 hash:
b18332db7bdc0504adb4959f23c74e4f5e764fe2
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
135e906e0f26553c25cc8eb0e6daaddfb5e715fecb1dad932dda858c89806238
MD5 hash:
a88198d032a56c3a390d62904923c595
SHA1 hash:
83809381c79cf24b5a7825685dddfbbd713a8add
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
dd0077c6d94857fcaed96b035d68b1138a50fe35c87b04a8d046a84f6b85a731
MD5 hash:
e3ced559759153eef9aca1f714823b1a
SHA1 hash:
a170219b1597fc919cfb6d2f2088a28c720a6aed
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
e8e9aaeb3f70439c4f1df767f3ea49147506031c5499c1d0c379aea0148d4c29
MD5 hash:
498e137e43fd43add935719cb3958876
SHA1 hash:
a2e1234d4e29201bb78f60191a6b886934eb67d7
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
31119284440921526732db036da6b5f3c5ee6549884795627c787b7e05c1dd95
MD5 hash:
b6dd0b937470e168d1826c4a8c6abc23
SHA1 hash:
f34cbba38c905b1a57e9fb8dad802af5067fbabb
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
9e8a0611bfc732c6b69b475bec16f6f479aa7a6ae8099acc1b569cba16c17166
MD5 hash:
1b63e84555c6667c4af88f7ccba402db
SHA1 hash:
85817bce70422d3924c3faa95afa73eee7fbd2d6
Detections:
SUSP_NET_Large_Static_Array_In_Small_File_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
SH256 hash:
c5d9ca629b7a5c861310f1cede4d7b4c135a5acaa146fbb177188411a6f4ac43
MD5 hash:
c24b8ed55023fd53f7207051d67a6acc
SHA1 hash:
67c6ffd8e75e9d6126c43fde9ef14d60b73bc4be
Link:
https://www.unpac.me/results/5bce6eac-49d0-48a2-a3b5-71b20b31f305/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1e4fbfd2d0e55900fa186a07514f75b7acfb7fc04d25fb9f61ba133fc49a49c7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Check_OutputDebugStringA_iat
Create hunting rule
Rule name:command_and_control
Create hunting rule
Author:CD_R0M_
Description:This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerCheck__MemoryWorkingSet
Create hunting rule
Author:Fernando Mercês
Description:Anti-debug process memory working set size check
Reference:http://www.gironsec.com/blog/2015/06/anti-debugger-trick-quicky/
Rule name:DebuggerException__SetConsoleCtrl
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:Detect_PowerShell_Obfuscation
Create hunting rule
Author:daniyyell
Description:Detects obfuscated PowerShell commands commonly used in malicious scripts.
Rule name:FreddyBearDropper
Create hunting rule
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:Jupyter_infostealer
Create hunting rule
Author:CD_R0M_
Description:Rule for Jupyter Infostealer/Solarmarker malware from september 2021-December 2022
Rule name:Lumma_Stealer_Detection
Create hunting rule
Author:ashizZz
Description:Detects a specific Lumma Stealer malware sample using unique strings and behaviors
Reference:https://seanthegeek.net/posts/compromized-store-spread-lumma-stealer-using-fake-captcha/
Rule name:MD5_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for MD5 constants
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETDLLMicrosoft
Create hunting rule
Author:malware-lu
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
Rule name:reverse_http
Create hunting rule
Author:CD_R0M_
Description:Identify strings with http reversed (ptth)
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SEH__vectored
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants
Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
Rule name:test_Malaysia
Create hunting rule
Author:rectifyq
Description:Detects file containing malaysia string
Rule name:ThreadControl__Context
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 1e4fbfd2d0e55900fa186a07514f75b7acfb7fc04d25fb9f61ba133fc49a49c7

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3712823/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/38861/

Comments