MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 389a7b386cf1cb266462813f116b66c1e01fea86116a9c9c9630c890418fb2f1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	389a7b386cf1cb266462813f116b66c1e01fea86116a9c9c9630c890418fb2f1
SHA3-384 hash:	6d565e2912ce2bb71799af4cdcdb4a29bad82ee826c859d4a5127dc86ec8d5b7263f79c1dffa12d92bfb9b3e8198c7cc
SHA1 hash:	ed494a14b1c5f46116582d4c20124adab5d08a1e
MD5 hash:	6ded49ae8ec00b7475f17c20a50eac9c
humanhash:	monkey-ink-uranus-kitten
File name:	SecuriteInfo.com.Win64.DropperX-gen.5482.22547
Download:	download sample
File size:	13'682'176 bytes
First seen:	2023-06-30 19:46:16 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
ssdeep	196608:vGFYCPlajIJpFElcbX8l1NB/FMjScYG8+KxJyiGRwCblthl6IkDDaVVivzWy:OF9ajIqlU8lvfcYD+MEtltOIkD+gD
Threatray	30 similar samples on MalwareBazaar
TLSH	T132D6235BF3D8ED71E58F66BEE152D9098363C41692EBB39D6A89B3F500C6770C908183
TrID	56.5% (.EXE) Win64 Executable (generic) (10523/12/4) 11.0% (.ICL) Windows Icons Library (generic) (2059/9) 10.9% (.EXE) OS/2 Executable (generic) (2029/13) 10.7% (.EXE) Generic Win/DOS Executable (2002/3) 10.7% (.EXE) DOS Executable Generic (2000/1)
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

255

Origin country :

FR

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Win64.DropperX-gen.5482.22547.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Сreating synchronization primitives

Unauthorized injection to a recently created process

Restart of the analyzed sample

Creating a file

Sending an HTTP GET request to an infection source

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

packed

Link:

https://www.filescan.io/uploads/649f313f51710bcd8d4384d8/reports/eb28e9c3-ebc9-4146-87d1-868901f80d5c/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_70%

Link:

https://www.hybrid-analysis.com/sample/389a7b386cf1cb266462813f116b66c1e01fea86116a9c9c9630c890418fb2f1

Result

Verdict:

MALICIOUS

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/84a1ceaf-c33b-4013-ab64-557b111fd91f

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/1264237

Signature

.NET source code contains potential unpacker

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Injects a PE file into a foreign processes

Modifies the context of a thread in another process (thread injection)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/389a7b386cf1cb266462813f116b66c1e01fea86116a9c9c9630c890418fb2f1/

Threat name:

ByteCode-MSIL.Trojan.Generic

Status:

Suspicious

First seen:

2023-06-28 22:59:28 UTC

File Type:

PE+ (.Net Exe)

Extracted files:

3

AV detection:

15 of 24 (62.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=hcnhwodm6hfsmzdcqe7rc23gyhqb72ugcfvjzhewgdejaqmpwlyq._file

Verdict:

malicious

Similar samples:

0bc099a8c737ad30b82d97b9dccab910e00c26da556b2f1d22e9a9c1e21e5bb8

0d5a17d3f0689e944a37bf9424e19493280b77c4014cbd3d1c491977fffdf869

24b05dea7290ca2ab8b49c9efd04492a09fc3e7d6cafba2003316c2a80155645

4b3fd775a80b08650b33e1df27b2dcad6d48740918776c7ff1a8d648927bb226

4e1e9baa83e4e1f612490a1348ba9d6aa431563ad96320705d3ea886a8ede4e9

5732c82b705016d7bf79058f82f45b01d18d2986fbc8454deeb2894da020a519

5ebccb834beb6f0ac7b5dbfc8953da3c6a7466031da905d6716b7127b54b5c45

66ec3c9fb1339c6925fb508c17190aa7869e24b149abcedd771aa53ea9de27fa

b2f8798998dde06bfda72a267a2373aed76a65012493167d0fa43e905388b2ba

f4d6fa18bba78d69e878956143665a8f6b489ad5fb5b292507debdc5d3db7008

+ 20 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

collection spyware stealer

Link:

https://tria.ge/reports/230630-yhj2fsee29/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

outlook_office_path

outlook_win_path

Suspicious use of SetThreadContext

Accesses Microsoft Outlook profiles

Reads user/profile data of web browsers

Unpacked files

SH256 hash:

389a7b386cf1cb266462813f116b66c1e01fea86116a9c9c9630c890418fb2f1

MD5 hash:

6ded49ae8ec00b7475f17c20a50eac9c

SHA1 hash:

ed494a14b1c5f46116582d4c20124adab5d08a1e

Link:

https://www.unpac.me/results/7b5b6dc3-a60e-4087-bb2e-30262d28e382/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/389a7b386cf1/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.69

Link:

https://yomi.yoroi.company/submissions/389a7b386cf1cb266462813f116b66c1e01fea86116a9c9c9630c890418fb2f1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample