MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 241074924c7b51be32a2bd658a84deab2bcd30a4bc48d8a71e92123c941887ba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 241074924c7b51be32a2bd658a84deab2bcd30a4bc48d8a71e92123c941887ba
SHA3-384 hash: 8ed548bcc306c62fd581906d704279f81a061a04619d820c3e49d3b8299658f97f9dfef177e9c36d27dd225a6e23e64c
SHA1 hash: 39cfc489c88df1586d60a7e594679803226a735e
MD5 hash: 2e29ca797a270d08c074968bd8c42649
humanhash: artist-diet-wolfram-beer
File name:2e29ca797a270d08c074968bd8c42649
Download: download sample
File size:13'312 bytes
First seen:2023-07-13 08:19:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 192:W8tagmRO023mvFTaFs/vNgQeV8U2N1rv8slbtkTBEqMeSo7wQb7PdQZiSB0mtpt/:W8tHm80CyvNgQWAUCQy+7tC28D/
Threatray 44 similar samples on MalwareBazaar
TLSH T13D523B5097AC8237CDAF43BBAC736B822275D7796811DF6B19CCE2592C133888762375
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter zbetcheckin
Tags:64 85-217-144-143 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
272
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
2e29ca797a270d08c074968bd8c42649
Verdict:
Malicious activity
Analysis date:
2023-07-13 08:21:09 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/1fa6b69e-d47b-46e7-8b24-05a9b6b4fd5f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/417315/
Detection(s):
SecuriteInfo.com.Win64.PWSX-gen.24944.14242.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
DNS request
Sending a custom TCP request
Creating a file
Creating a service
Launching a service
Loading a system driver
Creating a file in the Windows subdirectories
Creating a file in the Windows directory
Enabling autorun for a service
Forced shutdown of a system process
Unauthorized injection to a system process
Verdict:
No Threat
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/64afb3b3a15fc7eb4fd1da9d/reports/f0361dcd-34f3-4c39-9b38-2df547c9dafc/overview
Verdict:
Malicious
Labled as:
Win64/Agent_AGeneric.AMQ trojan
Link:
https://www.hybrid-analysis.com/sample/241074924c7b51be32a2bd658a84deab2bcd30a4bc48d8a71e92123c941887ba
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
NetWalker Ransomware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4b96339c-3e64-4c69-bb0a-db0b4243c119
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/1272307
Signature
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sample is not signed and drops a device driver
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/241074924c7b51be32a2bd658a84deab2bcd30a4bc48d8a71e92123c941887ba/
Threat name:
Win64.Trojan.Casdet
Create hunting rule
Status:
Malicious
First seen:
2023-07-13 08:20:05 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
1
AV detection:
20 of 24 (83.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=eqihjesmpni34mvcxvsyvbg6vmv42mfexrenrjy6sijdzfayq65a._file
Verdict:
malicious
Similar samples:
34bb306b3f95e91956508cc278a341c0b8d9930797da087dd58724d6c8e90ac2
37efec4c9df42e2a53f73a9923a8e9a1154a790dc5316ec875b5b7640f27d294
3bf7eea3c296aa5c8ba2bc56f56a83469a2ebdf4c97f8b87bb8c135bd27de6ea
4a4f33afe3086aa1962d92412fc2166c5e6b565087bbe20cc411dfc0e9ded6a0
5dc64de09c601fd34fc8cbceed6eea6c2df0e3b5b9bd31600f5e187b8e223055
71b83a4a645cee8038819ee490a2b6324d287d8aac405adb1b373277dc5c23ab
752cd9b98abfd8737d90c300de0ffb7c471a0b94a8a6f870931a7d69ac424281
82a7b83bacb8a14b90742ab0cc14fdfa1f27713d634542a3c6a8e0d4940a6a61
8ee291c9153a33f1f76ffd3c67d69162c6459cfde019634707339ddbf2793582
e43e5c816ce04f8fa14c819ff2b5bfc02c03e27a4b0a6b85875ef11ea4d4489f
+ 34 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230713-j8e3vsfh37/
Behaviour
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
241074924c7b51be32a2bd658a84deab2bcd30a4bc48d8a71e92123c941887ba
MD5 hash:
2e29ca797a270d08c074968bd8c42649
SHA1 hash:
39cfc489c88df1586d60a7e594679803226a735e
Link:
https://www.unpac.me/results/dc84cb69-4668-4d29-8f83-dc904ca90cbb/
Malware family:
SmokeLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/241074924c7b/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 241074924c7b51be32a2bd658a84deab2bcd30a4bc48d8a71e92123c941887ba

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/417315/
  
URLhaus
https://urlhaus.abuse.ch/url/2681797/

Comments


Avatar
zbet commented on 2023-07-13 08:19:43 UTC

url : hxxp://85.217.144.143/files/HHH1.exe