MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4b3fd775a80b08650b33e1df27b2dcad6d48740918776c7ff1a8d648927bb226. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	4b3fd775a80b08650b33e1df27b2dcad6d48740918776c7ff1a8d648927bb226
SHA3-384 hash:	73b852304d21c6e22c7ba347eace2e74fe767666b9566562d6d8bc91bb4451f3ece4e77073e8fe2c2003ebc7be3b60f9
SHA1 hash:	a3809568f127194e9b8689ccd0a6e3a33a9c3107
MD5 hash:	cca6bb61fd97882215e1f79048962ba5
humanhash:	blue-twelve-ceiling-robert
File name:	SecuriteInfo.com.Win64.Malware-gen.30205.9755
Download:	download sample
File size:	13'770'752 bytes
First seen:	2023-06-30 19:46:07 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
ssdeep	196608:ISbbpDedIlQs40iwP8BIgNbNoyaqrEXJ/sJzrP575nUz+WWp3JUqoqG+Pr:T/j40r83BNoIr4J/+rfmTWpZ5G
Threatray	756 similar samples on MalwareBazaar
TLSH	T196D623087398CB53EADF0BBEA271112487BDD501A1CBA74F164CEAF594433A0D85ED9B
TrID	56.5% (.EXE) Win64 Executable (generic) (10523/12/4) 11.0% (.ICL) Windows Icons Library (generic) (2059/9) 10.9% (.EXE) OS/2 Executable (generic) (2029/13) 10.7% (.EXE) Generic Win/DOS Executable (2002/3) 10.7% (.EXE) DOS Executable Generic (2000/1)
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

227

Origin country :

FR

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Win64.Malware-gen.30205.9755.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Сreating synchronization primitives

Sending an HTTP GET request to an infection source

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

masquerade packed

Link:

https://www.filescan.io/uploads/649f313af466327ee67c5789/reports/7842a0fd-6cc3-48af-992c-813004a986d7/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_70%

Link:

https://www.hybrid-analysis.com/sample/4b3fd775a80b08650b33e1df27b2dcad6d48740918776c7ff1a8d648927bb226

Result

Verdict:

MALICIOUS

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/4f7e7175-3893-4851-b1c9-d04931f3721e

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/1264240

Signature

.NET source code contains potential unpacker

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4b3fd775a80b08650b33e1df27b2dcad6d48740918776c7ff1a8d648927bb226/

Threat name:

ByteCode-MSIL.Dropper.CrimsonRAT

Status:

Malicious

First seen:

2023-06-28 22:59:37 UTC

File Type:

PE+ (.Net Exe)

Extracted files:

3

AV detection:

16 of 24 (66.67%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=jm75o5nibmegkczt4hpspmw4vvwuq5ajdb3wy77rvdleret3wita._file

Verdict:

malicious

Similar samples:

0bc099a8c737ad30b82d97b9dccab910e00c26da556b2f1d22e9a9c1e21e5bb8

0f0760eb43d1a3ed16b4842b25674e4d6d1239766243bac1d4c19341bb37d5b8

14537704270b4f5374035799ad456b43bd9c003a4f705f37a6aee9f3a80a03f8

24b05dea7290ca2ab8b49c9efd04492a09fc3e7d6cafba2003316c2a80155645

326e9ddf345c6128976b27ddab85e060e612b5977fc733448b5c0d7d5fa64c8b

5732c82b705016d7bf79058f82f45b01d18d2986fbc8454deeb2894da020a519

66ec3c9fb1339c6925fb508c17190aa7869e24b149abcedd771aa53ea9de27fa

b219506b8c5418d07c30c49b40ba373e2f21100fe529d79ff675941441b5a02f

ec786af55576e020a5cd63cefc5458b46868055b6222e255d35b4ec4689cbfd6

fc6ddb1f7644597b84d14e3efa4cd1a1d1ad0083141b3fa2a613cd3c092f6505

+ 746 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/230630-yhh46aee26/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Unpacked files

SH256 hash:

4b3fd775a80b08650b33e1df27b2dcad6d48740918776c7ff1a8d648927bb226

MD5 hash:

cca6bb61fd97882215e1f79048962ba5

SHA1 hash:

a3809568f127194e9b8689ccd0a6e3a33a9c3107

Link:

https://www.unpac.me/results/c9e1c759-d5aa-4cf6-9888-652282f03908/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.69

Link:

https://yomi.yoroi.company/submissions/4b3fd775a80b08650b33e1df27b2dcad6d48740918776c7ff1a8d648927bb226

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample