MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 48d2a301620cb687294e291329c0e8d0d4a69f7278f87068c2e3c51203f11581. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 12



SHA256 hash: 48d2a301620cb687294e291329c0e8d0d4a69f7278f87068c2e3c51203f11581
SHA3-384 hash: c2f519c41dfabbd090f9178c8e5b04f23fe751aaf3360aec04866c95f1dc2c41ca78f14fe8917a6d83f2432e76a0a551
SHA1 hash: f03b403dbfddb80c8a1c6434276070c84e2b1df8
MD5 hash: d2037eab835c88b99b20e4e6796d44f5
humanhash: island-mirror-april-mockingbird
File name: 48d2a301620cb687294e291329c0e8d0d4a69f7278f87068c2e3c51203f11581
File size: 1'888'256 bytes
First seen: 2024-09-12 09:03:32 UTC
Last seen: Never
File type: Microsoft Software Installer (MSI) msi
MIME type: application/x-msi
ssdeep: 49152:Bmfi/qwMIYSGey283622bbT158+91HupvawXRV:BS832283KT15P1HupvamX
Threatray: 3 similar samples on MalwareBazaar
TLSH: T19C9533F5FBA7C621D3072BF89649C1E127827E67974F86B2E560F51C0933068A53B48E
TrID: 88.4% (.MST) Windows SDK Setup Transform script (61000/1/5); 11.5% (.) Generic OLE2 / Multistream Compound (8000/1)
Magika: msi
Reporter: JAMESWT_WT
Tags: 209-182-225-110 msi

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 82
Origin country: IT
Vendor Threat Intelligence

Verdict: Malicious
Score: 90.9%
Tags: Discovery Network Stealth Agent

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: installer

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: n/a
Detection: malicious
Classification: evad
Score: 84 / 100
Signatures:
  AI detected suspicious sample
  Antivirus / Scanner detection for submitted sample
  Antivirus detection for dropped file
  Drops PE files with a suspicious file extension
  Injects code into the Windows Explorer (explorer.exe)
  Multi AV Scanner detection for dropped file
  Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph: ID 1509945; sample KeB00e9poi.msi; start date 12/09/2024; architecture WINDOWS; score 84. The rendered graph image is not reproduced here; the process tree, dropped files, network contacts and signatures it recorded are listed below.

Sample-level DNS lookups: x1.i.lencr.org, api.ipify.org
Sample-level signatures: Antivirus detection for dropped file; Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; AI detected suspicious sample

Process tree:
  msiexec.exe
    dropped: C:\Users\user\AppData\Local\Temp\app.com (PE32)
    dropped: C:\Windows\Installer\4ddf6c.msi (Composite)
    signature: Injects code into the Windows Explorer (explorer.exe)
    cmd.exe
      app.com
        network: 209.182.225.110 (ports 49746, 49753, 80), SHOCK-1US, United States
        network: api.ipify.org 104.26.12.205 (ports 443, 49730), CLOUDFLARENETUS, United States
        signature: Antivirus detection for dropped file
        signature: Multi AV Scanner detection for dropped file
      conhost.exe
    explorer.exe
  msiexec.exe
    signature: Drops PE files with a suspicious file extension
  explorer.exe
    Acrobat.exe
      AcroCEF.exe
        AcroCEF.exe
          network: 104.77.220.172 (ports 443, 49744), AKAMAI-ASUS, United States
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2024-09-10 13:38:19 UTC
File Type: Binary (Archive)
Extracted files: 29
AV detection: 14 of 24 (58.33%)
Threat level: 5/5

Result
Malware family: n/a
Score: 6/10
Tags: discovery persistence privilege_escalation
Behaviour:
  Checks SCSI registry key(s)
  Checks processor information in registry
  Modifies Internet Explorer settings
  Modifies data under HKEY_USERS
  Modifies registry class
  Suspicious behavior: EnumeratesProcesses
  Suspicious behavior: GetForegroundWindowSpam
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of FindShellTrayWindow
  Suspicious use of SetWindowsHookEx
  Suspicious use of WriteProcessMemory
  Uses Volume Shadow Copy service COM API
  Event Triggered Execution: Installer Packages
  System Location Discovery: System Language Discovery
  Drops file in Windows directory
  Executes dropped EXE
  Loads dropped DLL
  Enumerates connected drives
  Looks up external IP address via web service

Verdict: Suspicious
Tags: n/a
YARA: n/a
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments