MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2356490a72fc822b94f7156aa2ecd9b83f83f5cdd5a6e3344eb40dc4aafad323. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2356490a72fc822b94f7156aa2ecd9b83f83f5cdd5a6e3344eb40dc4aafad323
SHA3-384 hash: 4f35b7acf581a2945e15511230d0b0bdd06f23794c6b81409b25540d48adee574937f5611cdb5828f8e64bd3526b2733
SHA1 hash: 7ad117f3c4575d823f54c1289a097a1bebffd6d7
MD5 hash: c36e1ec661c76d560ff037a82a4e01ad
humanhash: bakerloo-diet-cardinal-moon
File name:c36e1ec661c76d560ff037a82a4e01ad.exe
Download: download sample
File size:63'047 bytes
First seen:2024-10-16 11:10:22 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash be41bf7b8cc010b614bd36bbca606973 (195 x LummaStealer, 126 x DanaBot, 63 x Vidar)
ssdeep 1536:sNErPZ3IBZcbTfu1HlrJFCPcbPn0ekDRjcHtvXE:sAPC23aJFC0bPn0eu6vX
TLSH T143536B8297E880BBF9B20EF1283109515EB3BC2504B4D55F9348FD9E3973682847DB6B
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10522/11/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
399
Origin country :
NL NL
Vendor Threat Intelligence
Verdict:
Malicious
Score:
70%
Link:
https://cyber-fortress.com/docs/result/index.php?id=670f9f47707bcd8537fbfc12
Tags:
Injection Exploit
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
lolbin microsoft_visual_cc overlay packed shell32
Link:
https://www.filescan.io/uploads/670f9f471433d889a9434170/reports/744105da-2c41-412b-bafe-096f7425bc07/overview
Verdict:
Malicious
Labled as:
Trojan.AutoIT
Link:
https://www.hybrid-analysis.com/sample/2356490a72fc822b94f7156aa2ecd9b83f83f5cdd5a6e3344eb40dc4aafad323
Result
Verdict:
MALICIOUS
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/a2d96903-4a86-4a32-bd16-7ea7c8f2beb4
Result
Threat name:
n/a
Detection:
unknown
Classification:
n/a
Score:
4 / 100
Link:
https://www.joesandbox.com/analysis/1535006
Behaviour
Behavior Graph:
Download SVG
Score:
51%
Verdict:
Susipicious
File Type:
PE
Link:
https://malprob.io/report/2356490a72fc822b94f7156aa2ecd9b83f83f5cdd5a6e3344eb40dc4aafad323
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2356490a72fc822b94f7156aa2ecd9b83f83f5cdd5a6e3344eb40dc4aafad323/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=enlescts7sbcxfhxcvvkf3gzxa7yh5on2wtogncowqg4jkx22mrq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/241016-m99kmswepd/
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/30e03ab0-0614-4f6b-9fd7-b546c7142586
Unpacked files
SH256 hash:
2356490a72fc822b94f7156aa2ecd9b83f83f5cdd5a6e3344eb40dc4aafad323
MD5 hash:
c36e1ec661c76d560ff037a82a4e01ad
SHA1 hash:
7ad117f3c4575d823f54c1289a097a1bebffd6d7
Link:
https://www.unpac.me/results/f2efb62b-967c-4063-905b-d30c24b42758/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2356490a72fc822b94f7156aa2ecd9b83f83f5cdd5a6e3344eb40dc4aafad323

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 2356490a72fc822b94f7156aa2ecd9b83f83f5cdd5a6e3344eb40dc4aafad323

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3211866/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
Reviews
IDCapabilitiesEvidence
COM_BASE_APICan Download & Execute componentsole32.dll::CoCreateInstance
SHELL_APIManipulates System ShellSHELL32.dll::ShellExecuteW
SHELL32.dll::SHFileOperationW
SHELL32.dll::SHGetFileInfoW
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CreateProcessW
KERNEL32.dll::OpenProcess
KERNEL32.dll::CloseHandle
KERNEL32.dll::CreateThread
WIN_BASE_APIUses Win Base APIKERNEL32.dll::LoadLibraryW
KERNEL32.dll::LoadLibraryA
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::GetDiskFreeSpaceW
KERNEL32.dll::GetCommandLineW
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CopyFileW
KERNEL32.dll::CreateDirectoryW
KERNEL32.dll::CreateFileW
KERNEL32.dll::DeleteFileW
KERNEL32.dll::MoveFileW
KERNEL32.dll::GetWindowsDirectoryW
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegCreateKeyExW
ADVAPI32.dll::RegDeleteKeyW
ADVAPI32.dll::RegOpenKeyExW
ADVAPI32.dll::RegQueryValueExW
ADVAPI32.dll::RegSetValueExW
WIN_USER_APIPerforms GUI ActionsUSER32.dll::AppendMenuW
USER32.dll::EmptyClipboard
USER32.dll::FindWindowExW
USER32.dll::OpenClipboard
USER32.dll::PeekMessageW
USER32.dll::CreateWindowExW

Comments