MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 45713edb584d9cac094ef01425dddcae633169d009faedc91dea1170d6574772. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 5

SHA256 hash: 45713edb584d9cac094ef01425dddcae633169d009faedc91dea1170d6574772
SHA3-384 hash: 087ed0ff51273a77a00deeefdfc7a1647e12e4f2427080c12551ffdb45927a97adf0d90c9f9f7f0cb82a7be70aa2e7c9
SHA1 hash: b538ac83398df8758d95b6f4b1f950cf2df8f52a
MD5 hash: d59abf58f353b9cf0aad303a59433569
humanhash: white-cold-eighteen-carpet
File name: SecuriteInfo.com.Trojan.MulDrop24.49980.21384.9329
File size: 2'648'640 bytes
First seen: 2024-01-27 04:26:03 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 0ae9e38912ff6bd742a1b9e5c003576a (10 x DCRat, 7 x RedLineStealer, 4 x AsyncRAT)
ssdeep: 49152:sILfRQmfU3w039un+lIyPYA3y0MGHqzIV3Zd2GS6eUGrEOUnkMqJ:suRQCONnKyPZi0M3zG3Lt/GrE12J
TLSH: T1B1C523027AD29A73C53328336A56CF20997E7D705F3149CB23A0A96DDE621C1CA35F97
TrID:
  89.0% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39)
  3.5% (.EXE) Win64 Executable (generic) (10523/12/4)
  2.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  1.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
  1.5% (.EXE) Win32 Executable (generic) (4505/5/1)
dhash icon: 9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter: SecuriteInfoCom
Tags: exe, signed

Code Signing Certificate

Organisation: Bitsum LLC
Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Algorithm: sha256WithRSAEncryption
Valid from: 2023-02-07T00:00:00Z
Valid to: 2025-03-08T23:59:59Z
Serial number: 0b494d7df02097107b9065025133fe92
Intelligence: 27 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint algorithm: SHA256
Thumbprint: b309179e6516e33d374264683b0751db5f23b09e625ff0b6a4163df28051d08c
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 1
# of downloads: 321
Origin country: FR

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: 12.4.1.10.P.rar
Verdict: Malicious activity
Analysis date: 2024-01-16 11:32:06 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Malware
Maliciousness:
Behaviour:
  Creating a window
  Searching for the window
  Creating synchronization primitives
  Searching for synchronization primitives
  Creating a file
  Creating a process from a recently created file
  Sending a custom TCP request
  Enabling autorun by creating a file
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: n/a
Detection: clean
Classification: evad
Score: 16 / 100
Behaviour
Behavior graph: n/a
Verdict: unknown
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour:
  Checks processor information in registry
  Suspicious behavior: GetForegroundWindowSpam
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of WriteProcessMemory
  Enumerates physical storage devices
  Executes dropped EXE
  Loads dropped DLL
  Checks computer location settings
Unpacked files (SHA256 / MD5 / SHA1):
  SHA256: f3832637896287bb86d86f4edf049460917699e7a82444f090070d05f0a7e3d9  MD5: 0ee74c7d54db2fa2787d5db00e5a2f6a  SHA1: 954fcfc2aa10cfa479fc812d0dc092067087daed
  SHA256: efbf5cba935cad05824344907c2cfbd296895d2d50121fe7a69f5f80a5a2e157  MD5: e7819b982dbd271684f88d779f66c850  SHA1: 5b8b998a25a787b6a722e5c7b97931b05e6c1e3e
  SHA256: e49c03f7f441d27240ed1616dd5930f3fb8531ffb77100f43b2e4c9396465b87  MD5: 15f5dbb0ac41b11c91fd2d6d269df873  SHA1: f905a87752d3f594555ccb7388aef96bf2f7ff8d
  SHA256: dfd0d7eb15ba5e447f7fc997bb103b0ea2db32c7b3844359ab14b1603dd48c68  MD5: 3ffa7df26c919f11d5fa6730e906cc1a  SHA1: d518fbac1e83d538794626c054c90ec3f6bddbaa
  SHA256: cf5e718adc97cbfb6b010550883c211a80e265234354f33c87c9e99e063cfd8d  MD5: ffcf9458916179e06e2347e004d8df68  SHA1: 956efa1b82a883b1f6416801ea8c77da85265a43
  SHA256: ca4394ef0e14a05742a7e19179172ac95bcbf30b84144b4efb697be518e8239e  MD5: 69522a906a9b71b9233649e645271990  SHA1: 9eb56819fd280202a14181b78a9ffd8f329c5111
  SHA256: a7c7a4a6c2da955dd976e29df6bdda40eccdf23514f0f48b0c14620839fafcef  MD5: 05e8679933790d934787c6aebc48d50b  SHA1: 86ad265122b7bbab3d537d120d330a5137b66dc8
  SHA256: 9f70b14dbd466b0349f0467fb597bfbab057e2fba70e83a68c086973bf185a9d  MD5: 1ba4daa70c539a38cc5c211d4f8268de  SHA1: 72a7def1037322ea2c7ec192f598056188e7aa49
  SHA256: 87e8720283a1d1d517431ebd4495fe0a3becbd31701eaf1637553e5c89754b78  MD5: ff8d8869c3ccd115feb54df21d7e2f73  SHA1: c5bab41b7ec0b723c5eaab00d1a7a24a429fe8bb
  SHA256: 6b0583407af6bd4a94b438a9cd56c7778cf970e60f2cc407720d39cce1e6897f  MD5: ae044dc6f123bad6498e5aa358e0b2f2  SHA1: 747bbf384e4248d812bfe29146f25efaca73e103
  SHA256: 63f9a7b0fb9561da3427366f1338a16cb8551f27b156778f3f1efb1c82dbb131  MD5: a8371c7ea8b459f2318fad00c4ca2724  SHA1: 78a35f32b595bddf10dbecc045a92d3a4f406928
  SHA256: 61a1b11b37070fb8b8f907fd1ecc64917dab7138f28d047fc7b11160a30abba6  MD5: 12b572d00de35b4fa191b04c23ebce58  SHA1: 8e6043c04f01f3911a0f5ca9e18889595b4b277e
  SHA256: 5f8a395a559efce7d30ab73c1efd91b936df03d2e226e0794754a167b967f244  MD5: af4c112f7947f36cbdf1ff35af0a03bc  SHA1: e4718789d56c3c79e1fc5dfa7e746791c63fd6b9
  SHA256: 5d6439b2a8d1d61749f8a69c496c159b314f86629f731369822a96f98749d718  MD5: 5b5effdae1d978796cb15b7fc08368ba  SHA1: bd0c6951ee5cf2bb51a6c564830b78f7597be15a
  SHA256: 57039c6d8e3b10a09636484ca885f78e186df379006773101d4551e665926ec3  MD5: 06f5217f62fd1e61db39bfd76a555c6c  SHA1: 7737d5fa693edf1d8569786110fbfa70c9ad2276
  SHA256: 41923b2e66abddff90941d78630b05e4e4c6a7d082f0aa1408e2282d40d3b15d  MD5: cc1e0799ffa8e07034f949b67aadbd2f  SHA1: 4b1f1be93d1dcb54e1b724d838e3c2410a3ab450
  SHA256: 37121c7794a77e4342113ddefa2dc9bb2baa22123e5437451cfb09eee9330152  MD5: d54f96bb181bbf0da33c1ee7047d0bb9  SHA1: 7697245b3ed0fc03d05114996383243f19c8c6e3
  SHA256: 45713edb584d9cac094ef01425dddcae633169d009faedc91dea1170d6574772  MD5: d59abf58f353b9cf0aad303a59433569  SHA1: b538ac83398df8758d95b6f4b1f950cf2df8f52a
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: maldoc_find_kernel32_base_method_1
Author: Didier Stevens (https://DidierStevens.com)

Rule name: PE_Digital_Certificate
Author: albertzsigovits

Rule name: PE_Potentially_Signed_Digital_Certificate
Author: albertzsigovits

Rule name: RIPEMD160_Constants
Author: phoul (@phoul)
Description: Look for RIPEMD-160 constants

Rule name: SelfExtractingRAR
Author: Xavier Mertens
Description: Detects an SFX archive with automatic script execution

Rule name: SHA1_Constants
Author: phoul (@phoul)
Description: Look for SHA1 constants

File information


The table below shows additional information about this malware sample such as delivery method and external references.
