MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 25e0f6235b109679e8f74f142eb8807c825d33070c7161c86b9600650559247e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	25e0f6235b109679e8f74f142eb8807c825d33070c7161c86b9600650559247e
SHA3-384 hash:	b0d47a5a49bed19863ecaba1438c85ad7302e49dead8e2a0b0d93108f886d2dac3f6a1ea566e17d41de4f67219605f37
SHA1 hash:	97f935457a5bde2c1c8f2f9c4d657fb44e565f56
MD5 hash:	f9f57aeb7d905405c2ffe1e4a30762f1
humanhash:	purple-cup-enemy-north
File name:	SecuriteInfo.com.Trojan-Spy.FormBook.29615.14732
Download:	download sample
File size:	9'271'808 bytes
First seen:	2023-06-30 16:56:22 UTC
Last seen:	2023-06-30 17:48:42 UTC
File type:	exe
MIME type:	application/x-dosexec
ssdeep	98304:XdAkZ7nzqbc6oqes6pLdpqd76SqPmDr74CibCFky/aXFT+jYLIWimNK4BQMMV43Y:Xv7GcJpLDK6CbLAEYiHM243lMNRR1
Threatray	6 similar samples on MalwareBazaar
TLSH	T1C096CE03B6978FB2C3891737C56B16246BADD7C17313D63A6A8E137A09C37BA8D44207
TrID	56.5% (.EXE) Win64 Executable (generic) (10523/12/4) 11.0% (.ICL) Windows Icons Library (generic) (2059/9) 10.9% (.EXE) OS/2 Executable (generic) (2029/13) 10.7% (.EXE) Generic Win/DOS Executable (2002/3) 10.7% (.EXE) DOS Executable Generic (2000/1)
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

---

File Origin

# of uploads :

2

# of downloads :

171

Origin country :

FR

Vendor Threat Intelligence

ANY.RUN Malicious

Malware family:

n/a

ID:

1

File name:

SecuriteInfo.com.Win32.Malware.Injector.E1Q5VA.26735.336

Verdict:

Malicious activity

Analysis date:

2023-06-30 17:05:40 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/faba83b1-dd9c-4424-999c-ed52063e7802

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

CAPE Sandbox

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/404362/

ClamAV Detected

Detection(s):

SecuriteInfo.com.Trojan-Spy.FormBook.29615.14732.UNOFFICIAL

Alert

Create hunting rule

Dr. Web vxCube Clean

Result

Verdict:

Clean

Maliciousness:

FileScan.IO Suspicious

Verdict:

Suspicious

Threat level:

  5/10

Confidence:

100%

Tags:

packed

Link:

https://www.filescan.io/uploads/649f096257ca5bec17017881/reports/71e4c1ec-db8d-42b9-a4bf-43ccf6af1222/overview

Hybrid Analysis Win/malicious_confidence_90%

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/25e0f6235b109679e8f74f142eb8807c825d33070c7161c86b9600650559247e

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Intezer

Gathering data

Joe Sandbox malicious

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/1264343

Signature

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/25e0f6235b109679e8f74f142eb8807c825d33070c7161c86b9600650559247e/

ReversingLabs TitaniumCloud ByteCode-MSIL.Trojan.Heracles

Threat name:

ByteCode-MSIL.Trojan.Heracles

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-06-28 22:59:28 UTC

File Type:

PE+ (.Net Exe)

Extracted files:

5

AV detection:

11 of 24 (45.83%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=exqpmi23cclht2hxj4kc5oeapsbf2myhbrywdsdlsyagkbkzer7a._file

Threatray malicious

Verdict:

malicious

Similar samples:

2177882a8fb4bd06c84f61e81cb2fdf862e88f0a86b66a10faa88801696422cd

5d0c01b1ceef88fb8963383443d7b833df48e10f8708edbfadb457c4ca99ffb4

94ecbf6f04ad4476d6b032a83b96f93897af0e16821b76802aaafb11677ad836

d7e4265853d2a220b4d89c06d529664436bf2d3aab76cd19bb3733771289fbad

Hatching Triage Unknown

Result

Malware family:

n/a

Score:

  3/10

Tags:

n/a

Link:

https://tria.ge/reports/230630-vf9mjsea32/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

UnpacMe

Unpacked files

SH256 hash:

25e0f6235b109679e8f74f142eb8807c825d33070c7161c86b9600650559247e

MD5 hash:

f9f57aeb7d905405c2ffe1e4a30762f1

SHA1 hash:

97f935457a5bde2c1c8f2f9c4d657fb44e565f56

Link:

https://www.unpac.me/results/8ff7fc51-b4d7-4cad-af2b-804fd39a2f78/

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Suspicious File

Threat name:

Suspicious File

Score:

0.49

Link:

https://yomi.yoroi.company/submissions/25e0f6235b109679e8f74f142eb8807c825d33070c7161c86b9600650559247e

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/404362/