MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 31152d25d4e3b3b55975014c5fb9db765458459845a93b1bd7c1c9cd14ada872. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 31152d25d4e3b3b55975014c5fb9db765458459845a93b1bd7c1c9cd14ada872
SHA3-384 hash: 6cae815d372407a635e1278cefb371523c2020cc9a053b94c3d6e59b924a653d9cc6a30a87472893c0f40d7570a0a999
SHA1 hash: a6ebc754caf50aae8084aacb4439a05b068f8b03
MD5 hash: e14dce74d6e3739c357bd24a84e7e221
humanhash: butter-colorado-butter-kilo
File name: SecuriteInfo.com.Trojan.Inject4.9563.26789.18040
File size: 235'008 bytes
First seen: 2021-03-24 22:43:46 UTC
Last seen: Never
File type: DLL
MIME type: application/x-dosexec
imphash: 97b333f621cbdd1bbbfa4f750aff54d3
ssdeep: 3072:I3kJuMHwEhZhcJH9HdXAS7WwIHnfWztls7MK0XCAlLLvZ8oirn7b2FWkXwgRjcsq:bHwEThcJPtPIH+Y7r+LL+RT2zXlRpa
Threatray: 203 similar samples on MalwareBazaar
TLSH: 103422FBAA905A3AE3F3C0769EEF15410C624426661199E7DD35309A4FCCF24347AF02
Reporter: SecuriteInfoCom

Intelligence


File Origin
# of uploads: 1
# of downloads: 125
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph: ID 375527; Sample: SecuriteInfo.com.Trojan.Inj...; Startdate: 25/03/2021; Architecture: WINDOWS; Score: 52
Process tree: loaddll32.exe started cmd.exe and two rundll32.exe processes; cmd.exe started a third rundll32.exe; each rundll32.exe started WerFault.exe. Network node: 192.168.2.1 (unknown), linked from the WerFault.exe under the cmd.exe branch.
Threat name: Win32.Trojan.Predator
Status: Malicious
First seen: 2021-03-24 01:21:58 UTC
AV detection: 17 of 28 (60.71%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SHA256 hash: 31152d25d4e3b3b55975014c5fb9db765458459845a93b1bd7c1c9cd14ada872
MD5 hash: e14dce74d6e3739c357bd24a84e7e221
SHA1 hash: a6ebc754caf50aae8084aacb4439a05b068f8b03
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments