MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e574712e1a0abafdba35c386299efdc02b758534abacca1843aec4c4b7eeb37. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2e574712e1a0abafdba35c386299efdc02b758534abacca1843aec4c4b7eeb37
SHA3-384 hash: 134c21510905566d1e2076cdb38c19a9398f76bd6a2c1d510120efa9207d7c1ae33fd67f2f040c802279f9ad6d7b0247
SHA1 hash: ce5ce8ad511a5aa299d5e79025fa114511e5a99e
MD5 hash: ced2f9f51660a7843a2f63a3579a9275
humanhash: jersey-steak-cat-winter
File name:SecuriteInfo.com.Trojan.Win32.Themida.9202.4364
Download: download sample
File size:3'769'344 bytes
First seen:2023-03-08 00:42:26 UTC
Last seen:2023-03-08 01:28:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash baa93d47220682c04d92f7797d9224ce (139 x RiseProStealer, 26 x Xtrat, 18 x CoinMiner)
ssdeep 98304:R3dWuUPeZBYHmE6rGO+v7WUTBXo0U3p2d/dT5:R3dJUPeZBYJ6qOKTrUi/F5
Threatray 117 similar samples on MalwareBazaar
TLSH T1010633C7F69C9769DDAA10B181F6CF01C32389662055CF776A82F26A8DB319587B7C03
TrID 28.8% (.EXE) Win32 Executable (generic) (4505/5/1)
19.2% (.MZP) WinArchiver Mountable compressed Archive (3000/1)
13.2% (.EXE) Win16/32 Executable Delphi generic (2072/23)
12.9% (.EXE) OS/2 Executable (generic) (2029/13)
12.8% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):PE icon
dhash icon 70c89698e2a6f879
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
233
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Trojan.Win32.Themida.9202.4364
Verdict:
No threats detected
Analysis date:
2023-03-08 00:48:29 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/c801f58e-e6bd-4b86-89e7-769986924632

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/372454/
Detection(s):
SecuriteInfo.com.Trojan.Win32.Themida.9202.4364.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Сreating synchronization primitives
Searching for analyzing tools
Searching for the window
Creating a window
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
boaxxe packed
Link:
https://www.filescan.io/uploads/6407da1810ca2273c93e3b7f/reports/aa59319f-04fc-4fa0-adb3-b6762d312f33/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/2e574712e1a0abafdba35c386299efdc02b758534abacca1843aec4c4b7eeb37
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/e901fc73-e664-476c-b7b5-e056fe813569
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
42 / 100
Link:
https://www.joesandbox.com/analysis/1189102
Signature
Detected unpacking (changes PE section rights)
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2e574712e1a0abafdba35c386299efdc02b758534abacca1843aec4c4b7eeb37/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fzluoexbucv27w5dlq4gfgpp3qblowctjk5mzimehlweys365m3q._file
Verdict:
unknown
Similar samples:
24d3076ab4d118463fd22a149ca441675826bdc2616c8bff164777846fcca653
3c0bc91e69e6a63c13a5c5109a5910701a29864884502454bfd54d9717d052a2
614d8a0cfd93b3ab2f4e01ea490ba9d350f7ea786a18b54785581777df71b371
71542a9dd0da516b5599228ace4fc9028ce2d389ec0fc1e68e9089ba174afe80
9f7dfb962e2bf51b8635de5abf80bede395c54abdd19ce0e7caa2343667fefe9
a6c1b03b91e9036ffdcc13af2a89a068fb8f62ff7b19b0ccd323fc51c6643484
fc67f616c652c250ffb7a6acd161f64cad63be69cb18d9d3b97456c3e5029dbb
+ 107 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
evasion
Link:
https://tria.ge/reports/230308-a2xvnace8y/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks BIOS information in registry
Identifies Wine through registry keys
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Unpacked files
SH256 hash:
2e574712e1a0abafdba35c386299efdc02b758534abacca1843aec4c4b7eeb37
MD5 hash:
ced2f9f51660a7843a2f63a3579a9275
SHA1 hash:
ce5ce8ad511a5aa299d5e79025fa114511e5a99e
Link:
https://www.unpac.me/results/3d0afb20-5564-48f4-a88a-f942ce21a67d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2e574712e1a0abafdba35c386299efdc02b758534abacca1843aec4c4b7eeb37

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/372454/

Comments