MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 414ed95d14964477bebf86dced0306714c497cde14dede67b0c1425ce451d3d7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 414ed95d14964477bebf86dced0306714c497cde14dede67b0c1425ce451d3d7
SHA3-384 hash: fcdd449207b30ebc745827b4b0946c59bf576c865da6c7a224abb2a6231a8206a9f4536560d22b5aac1263e8815184db
SHA1 hash: ea52df903b370d8e40099b57822e3b4b492c8bc2
MD5 hash: 6b8c777ab88d350de74d4daf5626114c
humanhash: edward-seven-steak-thirteen
File name:414ed95d14964477bebf86dced0306714c497cde14dede67b0c1425ce451d3d7
Download: download sample
File size:3'961'232 bytes
First seen:2022-11-17 13:51:50 UTC
Last seen:2022-11-17 15:44:36 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c109eb635f236d35cfb7a802cfecc912
ssdeep 49152:b6KvdcF9He5g2qw0eqld9O1KsRrpYRTzJl68gYOyDYRtWCp3l7ohuAkiX6nKOO6k:TvQe5l0eqldk1KsDtWC0uLiX6KOtcuS5
Threatray 2 similar samples on MalwareBazaar
TLSH T178069D21BDD18C77C27313314D59F23876FEE9B02B35CA4B13991B2D2E702A25B1966B
TrID 58.0% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
34.3% (.OCX) Windows ActiveX control (116521/4/18)
3.0% (.EXE) Win64 Executable (generic) (10523/12/4)
1.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.3% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 48ccc1c08ecfcc48
Reporter JAMESWT_WT
Tags:DTRACK exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
173
Origin country :
IT IT
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
414ed95d14964477bebf86dced0306714c497cde14dede67b0c1425ce451d3d7
Verdict:
Malicious activity
Analysis date:
2022-11-17 13:57:38 UTC
Tags:
trojan
Link:
https://app.any.run/tasks/d5d67aa5-9ba2-431a-bab4-689506b386eb

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/335337/
Detection(s):
SecuriteInfo.com.BackDoor.NukeSped.79.22346.8737.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Launching a process
Sending a custom TCP request
Сreating synchronization primitives
DNS request
Unauthorized injection to a system process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
dtrack greyware keylogger nukesped overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/63763c83f75d59fef0b9ad67/reports/39e3e749-8f87-40de-8d3c-1fa703299bf8/overview
Malware family:
VSingle
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/791587db-e965-4f66-b8f7-f19dba79d99b
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1115772
Signature
Antivirus / Scanner detection for submitted sample
Early bird code injection technique detected
Found API chain indicative of debugger detection
Found evasive API chain (may stop execution after checking mutex)
Found stalling execution ending in API Sleep call
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Queues an APC in another process (thread injection)
Snort IDS alert for network traffic
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/414ed95d14964477bebf86dced0306714c497cde14dede67b0c1425ce451d3d7/
Threat name:
Win32.Trojan.NukeSped
Create hunting rule
Status:
Malicious
First seen:
2022-01-27 03:37:46 UTC
File Type:
PE (Exe)
Extracted files:
111
AV detection:
22 of 26 (84.62%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ifhnsxiuszchppv7q3oo2aygofges7g6ctpn4z5qyfbfzzcr2plq._file
Verdict:
malicious
Similar samples:
3fe624c33790b409421f4fa2bb8abfd701df2231a959493c33187ed34bec0ae7
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/221117-q6dkksee67/
Behaviour
Suspicious use of WriteProcessMemory
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/d5ba547e-b66a-4860-9e58-7e5dc7e515f6
Unpacked files
SH256 hash:
ca7f45f70de90d06154b8aa371519af52ef6b080a6055e117b132bf2c85ab9e5
MD5 hash:
797ed3ec67528044fcda1d64793fcb15
SHA1 hash:
90bee1e61126c8fd85c733f7a7e04b07d15fd132
Detections:
win_vsingle_auto
Create hunting rule
Link:
https://www.unpac.me/results/11652454-bc97-41e2-9d4b-abf07dfc2dc8/
SH256 hash:
414ed95d14964477bebf86dced0306714c497cde14dede67b0c1425ce451d3d7
MD5 hash:
6b8c777ab88d350de74d4daf5626114c
SHA1 hash:
ea52df903b370d8e40099b57822e3b4b492c8bc2
Link:
https://www.unpac.me/results/11652454-bc97-41e2-9d4b-abf07dfc2dc8/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:meth_get_eip
Create hunting rule
Author:Willi Ballenthin
Rule name:meth_stackstrings
Create hunting rule
Author:Willi Ballenthin
Rule name:Windows_Trojan_CobaltStrike_f0b627fc
Create hunting rule
Author:Elastic Security
Description:Rule for beacon reflective loader
Rule name:win_vsingle_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.vsingle.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/335337/

Comments