MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 32bdffcac86dd59e793576a5f230c54d4d1c355229dd068f396c2ca4c75ac0cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 8 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 32bdffcac86dd59e793576a5f230c54d4d1c355229dd068f396c2ca4c75ac0cd
SHA3-384 hash: f30c9652bf5fc9bc8abb136f98c527600873ffa79bad359c4d98e8f6436164465802695cb5532ed662ee144b867e9251
SHA1 hash: bd36384214979108980fb5a50193c527de900129
MD5 hash: 8fe3f36351d06fa3503e3174203f2c1e
humanhash: glucose-stream-football-fourteen
File name:SecuriteInfo.com.Trojan.GenericKD.69586070.2774.9020
Download: download sample
File size:4'960'448 bytes
First seen:2023-10-06 02:30:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 04c6e1a8dccbd1c9787d5bc8ddea6c5b
ssdeep 98304:HlDNiMq/EgR+5RfectsesZkhiJ9qciXfE/lB3NrmNZq:FDoMqzuRfectsesZkhiJ92PE9PrmNc
TLSH T1DE36BF17BB608937C6A31778499B47E8583EFE442E24B58B37F12C4C2F79651383A297
TrID 47.6% (.EXE) InstallShield setup (43053/19/16)
15.6% (.EXE) Win32 Executable Delphi generic (14182/79/4)
11.6% (.EXE) Win64 Executable (generic) (10523/12/4)
11.0% (.EXE) DOS Borland compiled Executable (generic) (10000/1/2)
4.9% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 1078f4580c4c4659
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
342
Origin country :
FR FR
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.69586070.2774.9020.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a window
DNS request
Sending a custom TCP request
Searching for the window
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Gathering data
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
cmd control explorer greyware keylogger lolbin masquerade overlay packed replace shell32
Link:
https://www.filescan.io/uploads/651f7167be42b2ac8e5d0662/reports/8816b1ab-df7e-49ef-ab94-a287a76e983e/overview
Verdict:
Suspicious
Labled as:
BScope.Trojan
Link:
https://www.hybrid-analysis.com/sample/32bdffcac86dd59e793576a5f230c54d4d1c355229dd068f396c2ca4c75ac0cd
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/6b27a56a-086b-47d2-b0ec-17a8c117d0f0
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/32bdffcac86dd59e793576a5f230c54d4d1c355229dd068f396c2ca4c75ac0cd/
Threat name:
Win32.Spyware.Lummastealer
Create hunting rule
Status:
Suspicious
First seen:
2023-10-04 16:47:18 UTC
File Type:
PE (Exe)
Extracted files:
143
AV detection:
10 of 23 (43.48%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gk677swinxkz46jvo2s7emgfjvgrynksfhoqndzznqwkjr22ydgq._file
Verdict:
malicious
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/231006-czpsdagf9z/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
32bdffcac86dd59e793576a5f230c54d4d1c355229dd068f396c2ca4c75ac0cd
MD5 hash:
8fe3f36351d06fa3503e3174203f2c1e
SHA1 hash:
bd36384214979108980fb5a50193c527de900129
Link:
https://www.unpac.me/results/3fd91dd1-db04-409f-92fb-dda4c1326849/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/32bdffcac86dd59e793576a5f230c54d4d1c355229dd068f396c2ca4c75ac0cd

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BitcoinAddress
Create hunting rule
Author:Didier Stevens (@DidierStevens)
Description:Contains a valid Bitcoin address
Rule name:Borland
Create hunting rule
Author:malware-lu
Rule name:maldoc_find_kernel32_base_method_1
Create hunting rule
Author:Didier Stevens (https://DidierStevens.com)
Rule name:meth_peb_parsing
Create hunting rule
Author:Willi Ballenthin
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:PE_Potentially_Signed_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:QbotStuff
Create hunting rule
Author:anonymous
Rule name:shellcode
Create hunting rule
Author:nex
Description:Matched shellcode byte patterns

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 32bdffcac86dd59e793576a5f230c54d4d1c355229dd068f396c2ca4c75ac0cd

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2716253/
  
Delivery method
Distributed via web download

Comments