MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 31e6f3fa131b6591a420a8bf657c9a360287608974584db2892942aa2f53be89. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8



SHA256 hash: 31e6f3fa131b6591a420a8bf657c9a360287608974584db2892942aa2f53be89
SHA3-384 hash: 29a5e66fc8b809062b701b0230e3cafaf3feaf60e409537020b6495f6d8f861a4d607b82683e11766299a185af5306f6
SHA1 hash: 3d85f4ac1681ff3a47c657abb5320bd8c35dbc5f
MD5 hash: 5cfe2da8b95e02e5f72570363530a3a7
humanhash: carpet-chicken-salami-alaska
File name: rodnmil.msi
File size: 3'178'496 bytes
First seen: 2023-12-19 17:43:38 UTC
Last seen: Never
File type: Microsoft Software Installer (MSI) msi
MIME type: application/x-msi
ssdeep 49152:WgZEeWK9YwPhH9D+/5Dvjm3mW5Y7vS9kgMV3NSmzoDWM5XnbE5XChpP9gY0dB0lg:kmD+FmWRAW+Gha
Threatray 3 similar samples on MalwareBazaar
TLSH T1B6E59F11BD9EC132E72F09719E59EA2B943DADE20B7204E7B3E4F85A15709C35336B42
TrID 80.0% (.MSI) Microsoft Windows Installer (454500/1/170)
10.7% (.MST) Windows SDK Setup Transform script (61000/1/5)
7.8% (.MSP) Windows Installer Patch (44509/10/5)
1.4% (.) Generic OLE2 / Multistream Compound (8000/1)
Reporter pr0xylife
Tags: msi

Intelligence


File Origin
# of uploads: 1
# of downloads: 126
Origin country: US
Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: alien anti-vm control evasive fingerprint greyware lolbin msiexec remote shell32
Result
Threat name: n/a
Detection: suspicious
Classification: evad
Score: 32 / 100
Signature
Drops executables to the windows directory (C:\Windows) and starts them
Behaviour
Behavior Graph (ID: 1364724; Sample: rodnmil.msi; Start date: 19/12/2023; Architecture: WINDOWS; Score: 32): msiexec.exe dropped C:\Windows\Installer\MSIA78F.tmp, C:\Windows\Installer\MSIA683.tmp and C:\Windows\Installer\MSIA653.tmp (all PE32) plus 5 other malicious files, and started msiexec.exe and MSIA78F.tmp. Signature: Drops executables to the windows directory (C:\Windows) and starts them.
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments