MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 444366925e6f7291b8bc85405abf7ad12b9cc48258b29058f67135aa9cfd0d52. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 10

SHA256 hash: 444366925e6f7291b8bc85405abf7ad12b9cc48258b29058f67135aa9cfd0d52
SHA3-384 hash: 2f0218f40257287bbd1a7a2a2bbe15865d750b1b372a2e86c7e85c12d41b938b5cb0190fd6c7bc0f5885cbe6125c5eab
SHA1 hash: 9295063f5786c26612e4c7addf8d2aecb60db4e4
MD5 hash: c6ef634779facf10516f0dd6d0d1757c
humanhash: carolina-mobile-stairway-chicken
File name: adobem.dll
File size: 1'084'416 bytes
First seen: 2024-11-28 08:08:31 UTC
Last seen: 2024-12-02 22:00:33 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: e49d000da67b0f497e549fe07526f53d
ssdeep: 12288:yl6O8XUH1oZ9uA2AP8JPbCu1+NNcU6QMiXhfN47/mX0x30JQTZk:c98XUeTNPG1MNQmN47i0Sm
TLSH: T1C935EB0AE6B611E4E5BAC138D5A3322AFC7138558338ABD79791560B1F71FE4E93E700
TrID:
  72.7% (.CPL) Windows Control Panel Item (generic) (57583/11/19)
  13.2% (.EXE) Win64 Executable (generic) (10522/11/4)
  6.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
  2.5% (.EXE) OS/2 Executable (generic) (2029/13)
  2.5% (.EXE) Generic Win/DOS Executable (2002/3)
  (TrID's percentages are a generic byte-pattern heuristic over the PE format; the vendor analysis in the Intelligence section identifies the file as a 64-bit DLL, PE+ (Dll), which matches the adobem.dll file name.)
Magika: pebin
Reporter: JAMESWT_WT
Tags: 62-133-60-137 exe shopping-nice-com Spam-ITA

Intelligence


File Origin
# of uploads: 2
# of downloads: 395
Origin country: IT

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: Tracking (651).js
Verdict: Malicious activity
Analysis date: 2024-11-26 23:22:07 UTC
Tags: susp-powershell wmi-base64 loader
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result

Verdict: Clean

Maliciousness:
  Verdict: Likely Malicious
  Threat level: 7.5/10
  Confidence: 100%
Tags: fingerprint masquerade microsoft_visual_cc
Result

Threat name: n/a
Detection: malicious
Classification: evad
Score: 52 / 100
Signature:
  Loading BitLocker PowerShell Module
  System process connects to network (likely due to code injection or exploit)
Behaviour:
  Behavior Graph: n/a

Threat name: Win64.Dropper.Malgent
Status: Malicious
First seen: 2024-11-27 04:37:34 UTC
File Type: PE+ (Dll)
Extracted files: 1
AV detection: 13 of 24 (54.17%)
Threat level: 3/5
Result

Malware family: n/a
Score: 3/10
Tags: execution
Behaviour:
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of WriteProcessMemory
  Command and Scripting Interpreter: PowerShell

Verdict: Suspicious
Tags: n/a
YARA: n/a

Unpacked files
SHA256 hash: 444366925e6f7291b8bc85405abf7ad12b9cc48258b29058f67135aa9cfd0d52
MD5 hash: c6ef634779facf10516f0dd6d0d1757c
SHA1 hash: 9295063f5786c26612e4c7addf8d2aecb60db4e4

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
Executable exe 444366925e6f7291b8bc85405abf7ad12b9cc48258b29058f67135aa9cfd0d52 (this sample)

BLint

The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID                          Title                                              Severity
CHECK_AUTHENTICODE          Missing Authenticode                               high
CHECK_DLL_CHARACTERISTICS   Missing dll Security Characteristics (GUARD_CF)    high

CHECK_AUTHENTICODE fires when the PE has no certificate table, i.e. the binary carries no Authenticode signature; CHECK_DLL_CHARACTERISTICS (GUARD_CF) fires when the optional header's DllCharacteristics field lacks IMAGE_DLLCHARACTERISTICS_GUARD_CF, i.e. the binary was not built with Control Flow Guard. Plenty of legitimate software is unsigned or built without CFG, so neither finding is evidence of maliciousness on its own; they are hardening gaps that make the sample easier to tamper with and exploit.

Reviews
ID                   Capabilities                    Evidence
GDI_PLUS_API         Interfaces with Graphics        gdiplus.dll::GdiplusStartup
                                                     gdiplus.dll::GdiplusShutdown
                                                     gdiplus.dll::GdipAlloc
WIN32_PROCESS_API    Can Create Process and Threads  KERNEL32.dll::CloseHandle
                                                     KERNEL32.dll::CreateThread
WIN_BASE_API         Uses Win Base API               KERNEL32.dll::TerminateProcess
                                                     KERNEL32.dll::LoadLibraryA
                                                     KERNEL32.dll::LoadLibraryExW
                                                     KERNEL32.dll::GetSystemInfo
                                                     KERNEL32.dll::GetStartupInfoW
                                                     KERNEL32.dll::GetCommandLineW
                                                     KERNEL32.dll::GetCommandLineA
WIN_BASE_EXEC_API    Can Execute other programs      KERNEL32.dll::WinExec
                                                     KERNEL32.dll::WriteConsoleW
                                                     KERNEL32.dll::ReadConsoleW
                                                     KERNEL32.dll::SetStdHandle
                                                     KERNEL32.dll::GetConsoleMode
                                                     KERNEL32.dll::GetConsoleOutputCP
WIN_BASE_IO_API      Can Create Files                KERNEL32.dll::CreateFileW
                                                     KERNEL32.dll::DeleteFileW
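The two BLint header findings above (and the "PE+ (Dll)" file-type label from the vendor card) can be reproduced from the PE headers alone. The following is an added example, not MalwareBazaar's or BLint's own code: a standard-library PE header parser that reports CHECK_AUTHENTICODE when the certificate-table data directory is empty and CHECK_DLL_CHARACTERISTICS when IMAGE_DLLCHARACTERISTICS_GUARD_CF is clear. The headers it parses are constructed in memory for the demonstration, not the adobem.dll sample; the function names and the security-directory offsets are assumptions of this example.

```python
"""Added example (not MalwareBazaar's or BLint's code): reproduce the
CHECK_AUTHENTICODE and CHECK_DLL_CHARACTERISTICS (GUARD_CF) header checks
and the 'PE+ (Dll)' label using only the PE headers. The samples at the
bottom are constructed header-only images, not adobem.dll."""
import struct

IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_FILE_DLL = 0x2000
IMAGE_DLLCHARACTERISTICS_GUARD_CF = 0x4000
PE32_MAGIC, PE32_PLUS_MAGIC = 0x10B, 0x20B
DIR_SECURITY = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: the Authenticode certificate table


def parse_pe_headers(data: bytes) -> dict:
    """Pull the COFF and optional-header fields the two checks need."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _, _, _, _, _, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    # DllCharacteristics sits at +70 in both PE32 and PE32+; NumberOfRvaAndSizes
    # and the data-directory array move with the 64-bit ImageBase/stack fields.
    if magic == PE32_PLUS_MAGIC:
        numrva_off, dirs_off = 108, 112
    elif magic == PE32_MAGIC:
        numrva_off, dirs_off = 92, 96
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    (dll_characteristics,) = struct.unpack_from("<H", data, opt + 70)
    (num_dirs,) = struct.unpack_from("<I", data, opt + numrva_off)
    security = (0, 0)
    if num_dirs > DIR_SECURITY:
        # For the security directory the first field is a file offset, not an RVA.
        security = struct.unpack_from("<II", data, opt + dirs_off + DIR_SECURITY * 8)
    return {"machine": machine, "magic": magic, "characteristics": characteristics,
            "dll_characteristics": dll_characteristics, "security_dir": security}


def file_type_label(h: dict) -> str:
    """Same label style as the vendor card above, e.g. 'PE+ (Dll)'."""
    fmt = "PE+" if h["magic"] == PE32_PLUS_MAGIC else "PE"
    kind = "Dll" if h["characteristics"] & IMAGE_FILE_DLL else "Exe"
    return f"{fmt} ({kind})"


def blint_style_findings(data: bytes) -> list:
    """Return (id, title, severity) tuples for the two BLint header checks."""
    h = parse_pe_headers(data)
    findings = []
    if h["security_dir"] == (0, 0):  # no certificate table => unsigned binary
        findings.append(("CHECK_AUTHENTICODE", "Missing Authenticode", "high"))
    if not h["dll_characteristics"] & IMAGE_DLLCHARACTERISTICS_GUARD_CF:
        findings.append(("CHECK_DLL_CHARACTERISTICS",
                         "Missing dll Security Characteristics (GUARD_CF)", "high"))
    return findings


def build_pe_header(machine, characteristics, dll_characteristics,
                    security_dir=(0, 0), magic=PE32_PLUS_MAGIC) -> bytes:
    """Construct a header-only PE image (no sections, no code) for testing."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))  # e_lfanew points just past the DOS header
    fixed, numrva_off = (112, 108) if magic == PE32_PLUS_MAGIC else (96, 92)
    opt = bytearray(fixed + 16 * 8)  # fixed fields + 16 data directories
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, numrva_off, 16)
    struct.pack_into("<II", opt, fixed + DIR_SECURITY * 8, *security_dir)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


# Constructed samples (assumed values, not taken from the real file).
# 0x0160 = HIGH_ENTROPY_VA | DYNAMIC_BASE | NX_COMPAT without GUARD_CF; 0x4160 adds GUARD_CF.
UNSIGNED_DLL_NO_CFG = build_pe_header(IMAGE_FILE_MACHINE_AMD64, IMAGE_FILE_DLL | 0x0022, 0x0160)
SIGNED_DLL_WITH_CFG = build_pe_header(IMAGE_FILE_MACHINE_AMD64, IMAGE_FILE_DLL | 0x0022, 0x4160,
                                      security_dir=(0x10800, 0x1A00))

if __name__ == "__main__":
    for name, blob in (("unsigned, no CFG", UNSIGNED_DLL_NO_CFG),
                       ("signed, CFG", SIGNED_DLL_WITH_CFG)):
        hdr = parse_pe_headers(blob)
        print(name, file_type_label(hdr), [f[0] for f in blint_style_findings(blob)])
```

Note that, like BLint's check, this only tests for the presence of a certificate table. A non-empty table means a signature blob is attached, not that it verifies; a tampered, self-signed or revoked signature passes this check and has to be validated separately (for example with signtool or osslsigncode) before it is trusted.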

Comments