MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 41148bd3c83c0e9334cb8c54aee40a157314fa2f43ff82c780a661fb656675a1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SVCReady


Vendor detections: 10


Intelligence 10 IOCs YARA 5 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 41148bd3c83c0e9334cb8c54aee40a157314fa2f43ff82c780a661fb656675a1
SHA3-384 hash: 3b75c96535f55f143a4d8cdb0b4795ff90902c65fbb85cc667b2f0a59ba202f41c50e89a581279bb6123a3ad49c01afc
SHA1 hash: d15e1e7eb03f561d7bf237f365dfe9672339439f
MD5 hash: 222ebf178e46a2be70538ad88da0f26b
humanhash: indigo-king-football-johnny
File name:yA6F7.tmp.dll
Download: download sample
Signature SVCReady
Create hunting rule
File size:1'180'160 bytes
First seen:2022-07-26 08:39:19 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
ssdeep 24576:1M/BkIVYwdZpl3QEwgc/gTx3Q0hRejKEaqQm8PGKwE3h4L2wH/87/c9JdDUnWcaG:1
TLSH T15845BFB876047DD6667F467BDA96ECDC13B616229ACBA4CD8064BBC30563376FE02C04
TrID 38.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
26.3% (.EXE) Win32 Executable (generic) (4505/5/1)
11.8% (.EXE) OS/2 Executable (generic) (2029/13)
11.6% (.EXE) Generic Win/DOS Executable (2002/3)
11.6% (.EXE) DOS Executable Generic (2000/1)
Reporter Anonymous
Tags:dll SVCReady

Intelligence

File Origin
# of uploads :
1
# of downloads :
281
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/294215/
Detection(s):
Win.Exploit.Crypterx-9956853-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Creating a window
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/62dfa872b3bb70bb32e1aa58/reports/1b0c9edb-d1dc-4c9c-bced-46e9147cc3ac/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
svcready
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/811d670f-9309-4cab-af94-b835d85ae905
Result
Threat name:
ReflectiveLoader, SVCReady
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1040908
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
System process connects to network (likely due to code injection or exploit)
Tries to delay execution (extensive OutputDebugStringW loop)
Yara detected ReflectiveLoader
Yara detected SVCReady Loader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/41148bd3c83c0e9334cb8c54aee40a157314fa2f43ff82c780a661fb656675a1/
Threat name:
Win32.Trojan.CrypterX
Create hunting rule
Status:
Malicious
First seen:
2022-07-25 06:03:00 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
19 of 26 (73.08%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=iekixu6ihqhjgnglrrkk5zakcvzrj6rpip7yfr4auzq7wzlgowqq._file
Verdict:
malicious
Result
Malware family:
svcready
Create hunting rule
Score:
  10/10
Tags:
family:svcready loader
Link:
https://tria.ge/reports/220726-kkvzvafgcl/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Detects SVCReady loader
SVCReady
Unpacked files
SH256 hash:
41148bd3c83c0e9334cb8c54aee40a157314fa2f43ff82c780a661fb656675a1
MD5 hash:
222ebf178e46a2be70538ad88da0f26b
SHA1 hash:
d15e1e7eb03f561d7bf237f365dfe9672339439f
Link:
https://www.unpac.me/results/30b7b4fa-efc1-4743-8f13-3cdaf22312f9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.20
Link:
https://yomi.yoroi.company/submissions/41148bd3c83c0e9334cb8c54aee40a157314fa2f43ff82c780a661fb656675a1

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:crime_win32_svcready_loader_unpacked
Create hunting rule
Author:Rony (@r0ny_123)
Rule name:simp_dll_svcready
Create hunting rule
Author:@stoerchl
Description:SVCReadyLoader DLL
Rule name:svcready_bin
Create hunting rule
Author:James_inthe_box
Description:SVCReady
Reference:f690f484c1883571a8bbf19313025a1264d3e10f570380f7aca3cc92135e1d2e
Rule name:SVCReady_Packed
Create hunting rule
Author:Andre Gironda
Description:packed SVCReady / win.svcready
Rule name:win_svcready_w0
Create hunting rule
Author:@AndreGironda
Description:packed SVCReady / win.svcready

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/294215/

Comments