MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 24b05dea7290ca2ab8b49c9efd04492a09fc3e7d6cafba2003316c2a80155645. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 12

Intelligence 12 IOCs YARA File information Comments

SHA256 hash:	24b05dea7290ca2ab8b49c9efd04492a09fc3e7d6cafba2003316c2a80155645
SHA3-384 hash:	c7610c872820beb9b799d2942c873df89b90dffc3bfcbe4adb554472a0d2a139882cced6c6c97c1bd748d1ae905931fd
SHA1 hash:	f830789855d8e59b5bc361856ff5d5a11a875a95
MD5 hash:	eb457508c0786ee25e66069f16e16e3c
humanhash:	carolina-mountain-violet-west
File name:	SecuriteInfo.com.MSIL.Agent.OXE.tr.dldr.21798.30738
Download:	download sample
File size:	6'873'600 bytes
First seen:	2023-06-30 18:45:38 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
ssdeep	98304:dIxzgXZqWTjP7GES/X/QxsuU030V7zGzXPncMLumIbDgUY5lUIxfK7uCmnl3gy:dW0puPXQy0+7zGzfna3gUYzfEFmi
Threatray	747 similar samples on MalwareBazaar
TLSH	T11666122BBF5A8EA2D35A5B76E55B94094B2CCE41320BCF2F398E3351347B759AD40702
TrID	50.8% (.EXE) Win64 Executable (generic) (10523/12/4) 10.0% (.EXE) Win16/32 Executable Delphi generic (2072/23) 9.9% (.ICL) Windows Icons Library (generic) (2059/9) 9.8% (.EXE) OS/2 Executable (generic) (2029/13) 9.6% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):
dhash icon	33f0c09696c0f033 (3 x LummaStealer, 3 x Rhadamanthys, 2 x Stealc)
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

265

Origin country :

FR

Vendor Threat Intelligence

Malware family:

redline

ID:

1

File name:

SecuriteInfo.com.Win32.SpywareX-gen.7963.25701

Verdict:

Malicious activity

Analysis date:

2023-06-30 18:50:07 UTC

Tags:

opendir rat redline

Link:

https://app.any.run/tasks/086ffa1e-22f2-4c9b-8c15-37907a53d212

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/404483/

Detection(s):

SecuriteInfo.com.MSIL.Agent.OXE.tr.dldr.21798.30738.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Sending an HTTP GET request to an infection source

Verdict:

Malicious

Threat level:

10/10

Confidence:

89%

Tags:

packed

Link:

https://www.filescan.io/uploads/649f230151710bcd8d4382b0/reports/69111e73-0068-4df4-935c-602436822ad3/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/24b05dea7290ca2ab8b49c9efd04492a09fc3e7d6cafba2003316c2a80155645

Result

Verdict:

MALICIOUS

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/a74029c7-9fa3-427d-b192-1cefcc94c898

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/1264171

Signature

.NET source code contains potential unpacker

Snort IDS alert for network traffic

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/24b05dea7290ca2ab8b49c9efd04492a09fc3e7d6cafba2003316c2a80155645/

Threat name:

Win64.Trojan.SpywareX

Status:

Malicious

First seen:

2023-06-30 15:45:17 UTC

File Type:

PE+ (.Net Exe)

Extracted files:

11

AV detection:

9 of 24 (37.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=esyf32tssdfcvofutspp2bcjfie7ypt5nsx3uiadgfwcvaavkzcq._file

Verdict:

malicious

Similar samples:

0bc099a8c737ad30b82d97b9dccab910e00c26da556b2f1d22e9a9c1e21e5bb8

0d5a17d3f0689e944a37bf9424e19493280b77c4014cbd3d1c491977fffdf869

1eb67b2f1f44eadcfba937fc9fa51038d7eb2a0a9ba164026c5ee848e3d99eac

25e0f6235b109679e8f74f142eb8807c825d33070c7161c86b9600650559247e

4e1e9baa83e4e1f612490a1348ba9d6aa431563ad96320705d3ea886a8ede4e9

66ec3c9fb1339c6925fb508c17190aa7869e24b149abcedd771aa53ea9de27fa

b93b9b4b0168407f63a6c2c16a96e4a4b41d5d715bdb9f46254a214570ba1b6b

bd213bacf745262d609025230b73d653d2ef62875f28860ea1b4d1a65f5c5cca

f9c0b902d916f689dcf93a3557640741826483e3c2c3139a02605a5ec0546b29

fc6ddb1f7644597b84d14e3efa4cd1a1d1ad0083141b3fa2a613cd3c092f6505

+ 737 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/230630-xep8mafd4t/

Behaviour

Suspicious use of AdjustPrivilegeToken

Unpacked files

SH256 hash:

24b05dea7290ca2ab8b49c9efd04492a09fc3e7d6cafba2003316c2a80155645

MD5 hash:

eb457508c0786ee25e66069f16e16e3c

SHA1 hash:

f830789855d8e59b5bc361856ff5d5a11a875a95

Link:

https://www.unpac.me/results/25a970b6-f8c6-4022-95dd-dddcacaa293c/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/24b05dea7290ca2ab8b49c9efd04492a09fc3e7d6cafba2003316c2a80155645

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/404483/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample