MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2956779991070281c8dba226d96849ce5272818d38f96d29a7832e894b220ea4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SVCReady

Vendor detections: 8

Intelligence 8 IOCs YARA 5 File information Comments

SHA256 hash:	2956779991070281c8dba226d96849ce5272818d38f96d29a7832e894b220ea4
SHA3-384 hash:	6d84f999951dbef058ddf429fda305b4229690803442ccc85fcb082a73c40aa360c50657d6f5f8b1b63011d1ef10b030
SHA1 hash:	801329532f74b8300a914a9ce17055da06747f9c
MD5 hash:	f468aa98b57f2b8e82ad379963636de1
humanhash:	mars-october-oven-equal
File name:	yB038.tmp.bin
Download:	download sample
Signature	SVCReady Create hunting rule
File size:	1'180'160 bytes
First seen:	2022-07-18 08:09:37 UTC
Last seen:	2022-07-18 08:48:26 UTC
File type:	dll
MIME type:	application/x-dosexec
ssdeep	24576:zX/BkIVYwdZpl3QEwgc/gTx3Q0hRejKEaqQm8PGKwE3h4L2wH/87/c9JdDUnWcaG:z
Threatray	113 similar samples on MalwareBazaar
TLSH	T1B245BFF876047DD6667F467BDA96ECDC13B616229ACBA4CD8064BBC30563376FE02804
TrID	38.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 26.3% (.EXE) Win32 Executable (generic) (4505/5/1) 11.8% (.EXE) OS/2 Executable (generic) (2029/13) 11.6% (.EXE) Generic Win/DOS Executable (2002/3) 11.6% (.EXE) DOS Executable Generic (2000/1)
Reporter	JAMESWT_WT
Tags:	dll SVCReady TNT

Intelligence

File Origin

# of uploads :

# of downloads :

302

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/291509/

Detection(s):

SecuriteInfo.com.Ransom.Contigen18.24924.7065.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Сreating synchronization primitives

Creating a window

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

conti packed

Link:

https://www.filescan.io/uploads/62d5156a7b83f958a96696fa/reports/3b4fd0d8-07fb-4b65-83fe-fce695232c5f/overview

Result

Verdict:

SUSPICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/a7c6f97a-f92d-4317-9b3a-4c5e988c97a1

Result

Threat name:

ReflectiveLoader, SVCReady

Detection:

malicious

Classification:

evad.troj

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/1035623

Signature

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

System process connects to network (likely due to code injection or exploit)

Yara detected ReflectiveLoader

Yara detected SVCReady Loader

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2956779991070281c8dba226d96849ce5272818d38f96d29a7832e894b220ea4/

Threat name:

Win32.Ransomware.Conti

Status:

Malicious

First seen:

2022-07-18 08:10:10 UTC

File Type:

PE (Dll)

Extracted files:

AV detection:

15 of 26 (57.69%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=fflhpgmra4bidsg3uitns2cjzzjhfamnhd4w2knhqmxisszcb2sa._file

Verdict:

malicious

SVCReady

1626dd76e3b8741e53c209beeda4431d318911dc2ee65da0a352a6b53c80a1d4

SVCReady

1dc652ce6616a4dc16dc065ab189eb0f365d02c1d1ec45a5875c41ff98b24753

SVCReady

48195f6a4343fb133da1fbca2ce7e8494ff6b5af88d813c8f61922952f55859f

SVCReady

71bc707f557a7f7470219611c8525f11d96d1b4abdbd64d715aeeb323bcf0288

SVCReady

dd997b080916cb253cdbc957ae129e1ca236e12b3328b69519d2ce9c5b071bc3

SVCReady

f690071e5394aa76f14e2b5cb5cfb15de51d689ed5213e9cf8b931a6721a11c6

SVCReady

+ 103 additional samples on MalwareBazaar

Result

Malware family:

svcready

Score:

10/10

Tags:

family:svcready loader

Link:

https://tria.ge/reports/220718-j2pcysbgap/

Behaviour

Suspicious use of WriteProcessMemory

Program crash

Detects SVCReady loader

SVCReady

Unpacked files

SH256 hash:

2956779991070281c8dba226d96849ce5272818d38f96d29a7832e894b220ea4

MD5 hash:

f468aa98b57f2b8e82ad379963636de1

SHA1 hash:

801329532f74b8300a914a9ce17055da06747f9c

Link:

https://www.unpac.me/results/90c69f7a-ce76-42c2-b7dc-f2f2c219ae19/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.20

Link:

https://yomi.yoroi.company/submissions/2956779991070281c8dba226d96849ce5272818d38f96d29a7832e894b220ea4

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	crime_win32_svcready_loader_unpacked Create hunting rule
Author:	Rony (@r0ny_123)

Rule name:	simp_dll_svcready Create hunting rule
Author:	@stoerchl
Description:	SVCReadyLoader DLL

Rule name:	svcready_bin Create hunting rule
Author:	James_inthe_box
Description:	SVCReady
Reference:	f690f484c1883571a8bbf19313025a1264d3e10f570380f7aca3cc92135e1d2e

Rule name:	SVCReady_Packed Create hunting rule
Author:	Andre Gironda
Description:	packed SVCReady / win.svcready

Rule name:	win_svcready_w0 Create hunting rule
Author:	@AndreGironda
Description:	packed SVCReady / win.svcready

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/291509/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample