MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 32d4a464dae9552b1a5aaf8b95c1f22d3f99ebd112245fa1a3719ad12fa26ed6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 32d4a464dae9552b1a5aaf8b95c1f22d3f99ebd112245fa1a3719ad12fa26ed6
SHA3-384 hash: e53929ea998a553b8521540ec23557ae8a431179a229a7132a59ed9cda4322c55450743dfe63aba9480651ca79aa408b
SHA1 hash: 4ee6cb0632af8cfe1c7b4e57918aae1a9c28682d
MD5 hash: aedde70fbec3b017bced97e32323e559
humanhash: johnny-violet-glucose-paris
File name:XER-34T.msi
Download: download sample
File size:1'855'488 bytes
First seen:2021-02-07 05:28:16 UTC
Last seen:2021-02-07 08:01:20 UTC
File type:Microsoft Software Installer (MSI) msi
MIME type:application/x-msi
ssdeep 49152:D1h5IqVXCWJr3ARbQb51kWMBruQlBQxYkEm05gsoRzvsAyflelWyJS5Za6f0Y:Tz9AFQbbkW4oRzvssY
Threatray 29 similar samples on MalwareBazaar
TLSH 59858D1176D6863ED97F853476ABD73A14BD7E910BB558DB23C40A3B4EB40C202B2F26
Reporter johnk3r
Tags:banker

Intelligence

File Origin
# of uploads :
2
# of downloads :
125
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/115939/
Detection(s):
SecuriteInfo.com.ArtemisTrojan.23292.UNOFFICIAL
Create hunting rule

Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/32d4a464dae9552b1a5aaf8b95c1f22d3f99ebd112245fa1a3719ad12fa26ed6/
Threat name:
Script.Downloader.BanLoad
Create hunting rule
Status:
Malicious
First seen:
2021-02-05 07:30:54 UTC
AV detection:
13 of 48 (27.08%)
Threat level:
  3/5
Verdict:
suspicious
Similar samples:
0315adcc923596016a179b68fe0aeedfab50f8b9278f539b5858dc7606a9d670
0f12408c06ccf60608a60572d521bbc8012e6ce7e0d701781a0a33e0e1fd1519
221209ea7151b399298c882daa26297c5b299f44369340d1050c82ff2b8865d8
80b767be044fed7b482d96625401d23cee2a881d3a1c8d2ab06179deae99d345
84783081ade87f5a4a1902a275eb66c7fe8ebef9e43cdd2d4527bdb1a5a51f04
9ef798f213e1041e42d18ac0c8f9719e6e35adb0c082dde900ae364e0d591322
c3a382298e7b40c769094035a49abe71314c89509848cd9485467c2179193a0f
cb25c52259fd5629dacb98a954ccc4aa5e6dc15629122750b381427f7a5b1358
dda31f92fcb8e94899981ba0cc4aa9c6b1a8fea440268092c011636ed95ce1a9
eb9410f5031797ccc6f446cb0c0d3c6f6a6c927f990c8aa5e01f7bffaccbab09
+ 19 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
bootkit persistence ransomware
Link:
https://tria.ge/reports/210207-tvtcawkpxs/
Behaviour
Modifies data under HKEY_USERS
Modifies registry key
Script User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Adds Run key to start application
Enumerates connected drives
Loads dropped DLL
Blocklisted process makes network request
Modifies WinLogon to allow AutoLogon
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Banload
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/32d4a464dae9552b1a5aaf8b95c1f22d3f99ebd112245fa1a3719ad12fa26ed6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Microsoft Software Installer (MSI) msi 32d4a464dae9552b1a5aaf8b95c1f22d3f99ebd112245fa1a3719ad12fa26ed6

(this sample)

b069122dc7216b75d213aebc78bf4972d9f125af87c5519e28ca2a0d80f0f15a

  
Dropping
SHA256 b069122dc7216b75d213aebc78bf4972d9f125af87c5519e28ca2a0d80f0f15a
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/115939/

Comments