MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e24e97aba6e7432395abc346ee3484b9dbadbe803a046a84ea41529d6ed8c89. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3e24e97aba6e7432395abc346ee3484b9dbadbe803a046a84ea41529d6ed8c89
SHA3-384 hash: 877d38498166282622efc46f7050a6e552ecfdc2520a544da7ccc34dcdb99c5a93969aed9b93b077919dd24c0c2a99f9
SHA1 hash: d32d70daa59b32581909fa6ceae676e1b56daee7
MD5 hash: 4eeb97de95b657bdf03b3da83f96c3db
humanhash: bulldog-ink-happy-uranus
File name:SecuriteInfo.com.Win64.PWSX-gen.8281.26128
Download: download sample
File size:721'920 bytes
First seen:2023-06-19 07:32:00 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:ulLQW2jd7k7qPUOGy1fSG87f7xU2pyv2fczHTTAJiULFH6NooFoUd7A9BG/X7D:+L5trsP8DNluYCMJZHOoKobnK
Threatray 11 similar samples on MalwareBazaar
TLSH T132E42349D16F9E42D81FA1BDF6469008A9F397B1EB0BC52E07C2477B753B1866230AC7
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
263
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Win64.PWSX-gen.8281.26128
Verdict:
Malicious activity
Analysis date:
2023-06-19 07:34:30 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/6a657dd5-75ce-4f86-85fb-f137bd4f7b30

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/400318/
Detection(s):
SecuriteInfo.com.Win64.PWSX-gen.8281.26128.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Launching a process
Creating a file
Сreating synchronization primitives
Sending a custom TCP request
Forced shutdown of a system process
Unauthorized injection to a system process
Gathering data
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/3e24e97aba6e7432395abc346ee3484b9dbadbe803a046a84ea41529d6ed8c89
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/c549f937-fc21-4388-b622-d83ae7b12de8
Result
Threat name:
n/a
Detection:
malicious
Classification:
expl.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1257139
Signature
.NET source code contains very large array initializations
.NET source code references suspicious native API functions
Injects a PE file into a foreign processes
Malicious sample detected (through community Yara rule)
Maps a DLL or memory area into another process
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Yara detected UAC Bypass using CMSTP
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3e24e97aba6e7432395abc346ee3484b9dbadbe803a046a84ea41529d6ed8c89/
Threat name:
ByteCode-MSIL.Trojan.Leonem
Create hunting rule
Status:
Malicious
First seen:
2023-06-19 06:51:45 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
4
AV detection:
19 of 24 (79.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hysos6v2nz2deok2xq2g5y2ijoo3vw7iaoqenkcouqkstvxnrseq._file
Verdict:
malicious
Similar samples:
06dc6394565b70ac8efd2cc98225cf3ec9b5f7711e036189b186340c591e4f67
0a0c50dbc5d0c9811bfd0552ddd075e0e1df2cf07049cc546e41f9bf08cb8290
28332d3e7e3ec9047ce5a3d3304764345680189e9def1eb54565d7c952bc9bc3
34bb306b3f95e91956508cc278a341c0b8d9930797da087dd58724d6c8e90ac2
4d9e0a28423515a1574837873cc75c3c495daebf2247e5353f9028d97ccf3fb6
670bc9a86f72af2ab43a89c576a4e1874ce188b35a1f5656ea27f4b7ac3d5f09
752cd9b98abfd8737d90c300de0ffb7c471a0b94a8a6f870931a7d69ac424281
8ee291c9153a33f1f76ffd3c67d69162c6459cfde019634707339ddbf2793582
ac8608bc5b4c0f07e986efa1965ea77825ef430b4c7699e569a43877aeebc6a5
e43e5c816ce04f8fa14c819ff2b5bfc02c03e27a4b0a6b85875ef11ea4d4489f
+ 1 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/230619-jcy6vscd65/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Uses the VBS compiler for execution
Unpacked files
SH256 hash:
3e24e97aba6e7432395abc346ee3484b9dbadbe803a046a84ea41529d6ed8c89
MD5 hash:
4eeb97de95b657bdf03b3da83f96c3db
SHA1 hash:
d32d70daa59b32581909fa6ceae676e1b56daee7
Link:
https://www.unpac.me/results/6de629cf-b681-49ea-9cd2-911a0197145a/
Malware family:
XLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/3e24e97aba6e/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3e24e97aba6e7432395abc346ee3484b9dbadbe803a046a84ea41529d6ed8c89

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/400318/

Comments