MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 24fd571600dcc00bf2bb8577c7e4fd67275f7d19d852b909395bebcbb1274e04. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 24fd571600dcc00bf2bb8577c7e4fd67275f7d19d852b909395bebcbb1274e04
SHA3-384 hash: 72915f525494a2cd6726191be724323c1a82fc7aabe17b2e6607d4c67e73d9126872aa721b75718d83a7aad2280ebbbe
SHA1 hash: 2a1461189052a014d345444557611af0c9d3fe34
MD5 hash: 5db75e816b4cef5cc457f0c9e3fc4100
humanhash: mobile-alanine-chicken-north
File name:VMSearch.exe
Download: download sample
File size:24'576 bytes
First seen:2023-12-28 22:27:56 UTC
Last seen:2024-04-22 17:57:59 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 384:FH7WwxvyrxCjvCyau13yiI2SekOtWX/5Z+hGs2ptYcFm7B03K:VxxKrx6miInekz/5Z+hStYcFm7B6K
TLSH T1D0B2E716B3581790C9B9997320D600AB9FF5DD3A2C91EA67798DF70E1F760E29203E43
TrID 56.5% (.EXE) Win64 Executable (generic) (10523/12/4)
11.0% (.ICL) Windows Icons Library (generic) (2059/9)
10.9% (.EXE) OS/2 Executable (generic) (2029/13)
10.7% (.EXE) Generic Win/DOS Executable (2002/3)
10.7% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon befeaaba9494abbe (1 x AgentTesla)
Reporter smica83
Tags:APT28 exe OceanMap UKR

Intelligence

File Origin
# of uploads :
7
# of downloads :
426
Origin country :
HU HU
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Win64.ExploitX-gen.9277.15542.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Launching cmd.exe command interpreter
Creating a window
Enabling autorun by creating a file
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
cmd lolbin replace
Link:
https://www.filescan.io/uploads/658df67410642636b38b34fd/reports/6eacd9a8-4af0-4663-bafc-74d123608741/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/24fd571600dcc00bf2bb8577c7e4fd67275f7d19d852b909395bebcbb1274e04
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Pawn Storm
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/24db58d7-9c37-48b0-ab0d-d0e19314c600
Result
Threat name:
n/a
Detection:
malicious
Classification:
expl
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1367818
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1367818 Sample: VMSearch.exe Startdate: 28/12/2023 Architecture: WINDOWS Score: 64 25 Antivirus / Scanner detection for submitted sample 2->25 27 Multi AV Scanner detection for submitted file 2->27 29 Sigma detected: Drops script at startup location 2->29 7 VMSearch.exe 3 2->7         started        11 VMSearch.exe 2 2->11         started        process3 dnsIp4 23 74.124.219.71, 143, 49704, 49705 IMH-WESTUS United States 7->23 21 C:\Users\user\AppData\...dgeContext.url, MS 7->21 dropped 13 cmd.exe 1 7->13         started        15 cmd.exe 11->15         started        file5 process6 process7 17 conhost.exe 13->17         started        19 conhost.exe 15->19         started       
Score:
23%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/24fd571600dcc00bf2bb8577c7e4fd67275f7d19d852b909395bebcbb1274e04
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/24fd571600dcc00bf2bb8577c7e4fd67275f7d19d852b909395bebcbb1274e04/
Threat name:
ByteCode-MSIL.Adware.RedCap
Create hunting rule
Status:
Malicious
First seen:
2023-12-25 14:36:15 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
3
AV detection:
13 of 21 (61.90%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=et6vofqa3taax4v3qv34pzh5m4tv67iz3bjlscjzlpv4xmjhjyca._file
Verdict:
malicious
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/231228-2dmtbsefal/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Drops startup file
Unpacked files
SH256 hash:
24fd571600dcc00bf2bb8577c7e4fd67275f7d19d852b909395bebcbb1274e04
MD5 hash:
5db75e816b4cef5cc457f0c9e3fc4100
SHA1 hash:
2a1461189052a014d345444557611af0c9d3fe34
Link:
https://www.unpac.me/results/278d25e0-210a-4926-a950-163d86ab2911/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/24fd571600dcc00bf2bb8577c7e4fd67275f7d19d852b909395bebcbb1274e04

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://cert.gov.ua/article/6276894

Comments