MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2a4f52e877fbc6c6773407d46a5f820523a4254e88d1889bd52b628b5a8b2494. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2a4f52e877fbc6c6773407d46a5f820523a4254e88d1889bd52b628b5a8b2494
SHA3-384 hash: 627fc75ab4edaa7cf4c6d0cd889abf49be4784a174c51a338c354195adfc0140ed60abb1ac7ef78219280edf49450e08
SHA1 hash: 3400b76519faa211ac09e16a786801c8269fc9ec
MD5 hash: 8bbc71bfca95de5ebb9679e32b501d90
humanhash: georgia-carpet-oranges-lamp
File name:file
Download: download sample
File size:60'125 bytes
First seen:2024-10-17 15:39:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e163292b217fe935db063cc7d6af0f13
ssdeep 768:NOXmqd8BDsyhno7wmW28XqKqsRgcTGdVgX3vZwIf2iDL4h:YX0psy1okmW28XbUcTGdVgX3xwIf2KO
TLSH T16443A3D1AFD58C9AD59A537C51EB9721273CFAD08A9243078A3076312F53BC06EC736A
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10522/11/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
Reporter jstrosch
Tags:exe X64


Avatar
jstrosch
Found at hxxp://130.61.181[.]50/ransomware/payload.exe by #subcrawl

Intelligence

File Origin
# of uploads :
1
# of downloads :
221
Origin country :
CA CA
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Win64.MalwareX-gen.10331.25117
Verdict:
Malicious activity
Analysis date:
2024-10-14 18:41:56 UTC
Tags:
opendir loader
Link:
https://app.any.run/tasks/68e37747-ece7-4ade-b1c4-a98c555da84f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.74317245.19031.5874.UNOFFICIAL
Create hunting rule

Verdict:
Clean
Score:
89.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67112fe034f884d15c8c5aeb
Tags:
powershell injection exploit obfusc
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug overlay
Link:
https://www.filescan.io/uploads/67112fdcb8693873ac834163/reports/3a0f8552-e187-45c5-a66f-ddacdd501195/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/2a4f52e877fbc6c6773407d46a5f820523a4254e88d1889bd52b628b5a8b2494
Result
Verdict:
MALICIOUS
Malware family:
Generic Admin Tool
Create hunting rule
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/351d6056-c3e0-4c3a-b682-d27b0a0e1504
Result
Threat name:
n/a
Detection:
suspicious
Classification:
n/a
Score:
23 / 100
Link:
https://www.joesandbox.com/analysis/1536230
Signature
AI detected suspicious sample
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1536230 Sample: file.exe Startdate: 17/10/2024 Architecture: WINDOWS Score: 23 15 AI detected suspicious sample 2->15 7 file.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 conhost.exe 7->11         started        process5 13 timeout.exe 1 9->13         started       
Score:
87%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/2a4f52e877fbc6c6773407d46a5f820523a4254e88d1889bd52b628b5a8b2494
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2a4f52e877fbc6c6773407d46a5f820523a4254e88d1889bd52b628b5a8b2494/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fjhvf2dx7pdmm5zua7kgux4caur2ijkordiyrg6vfnriwwuleska._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/241017-s4cavatanb/
Behaviour
Delays execution with timeout.exe
Suspicious use of WriteProcessMemory
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/f0ff17db-3106-4d3a-a700-9f492152fca0
Unpacked files
SH256 hash:
2a4f52e877fbc6c6773407d46a5f820523a4254e88d1889bd52b628b5a8b2494
MD5 hash:
8bbc71bfca95de5ebb9679e32b501d90
SHA1 hash:
3400b76519faa211ac09e16a786801c8269fc9ec
Link:
https://www.unpac.me/results/25ec6281-1d7b-414a-bd9f-7197d1cc3ed0/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2a4f52e877fbc6c6773407d46a5f820523a4254e88d1889bd52b628b5a8b2494

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_detect_tls_callbacks
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 2a4f52e877fbc6c6773407d46a5f820523a4254e88d1889bd52b628b5a8b2494

(this sample)

  
Delivery method
Distributed via web download
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3234769/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (GUARD_CF)high
CHECK_TRUST_INFORequires Elevated Execution (uiAccess:None)high

Comments