MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4b4c5bb719c694d00ae228c4ed3a86d97b848ef231f80aff9a5a3facdf579643. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4b4c5bb719c694d00ae228c4ed3a86d97b848ef231f80aff9a5a3facdf579643
SHA3-384 hash: 34a1e49207cd030f45bbfd618692e2f749108a65867f5557b7b28a69abb112311b4d87377cec6cfee8ba45074693a74a
SHA1 hash: ad5541aa6cab114b16a0c2a672f5907f427fc4a5
MD5 hash: f1171757917bda367914537dec2e5ef2
humanhash: kentucky-mirror-salami-autumn
File name:SecuriteInfo.com.Variant.MSILHeracles.52322.6803.9652
Download: download sample
File size:27'648 bytes
First seen:2023-03-23 08:32:17 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 768:U34fTQjUSCsjyDg7ZSqix9+WCsW+yEKn4ij0lXBcGNb:Uo0FCayDgSBv1
TLSH T11DC20706E39C1A62D1CF47FD6923D10B0AB0C1861477876A849D62E73F71FA45EA37A3
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
221
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Variant.MSILHeracles.52322.6803.9652
Verdict:
Malicious activity
Analysis date:
2023-03-23 08:34:12 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/d18f2ec0-8520-4fb4-b9e2-07ea1b079c3e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/376794/
Detection(s):
SecuriteInfo.com.Variant.MSILHeracles.52322.6803.9652.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file
Searching for the window
Sending a custom TCP request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
exploit
Link:
https://www.filescan.io/uploads/641c0ebf28f6cfd591370012/reports/921716cd-4be3-48be-b03a-31186e808e04/overview
Verdict:
Malicious
Labled as:
IL:Trojan.MSILZilla
Link:
https://www.hybrid-analysis.com/sample/4b4c5bb719c694d00ae228c4ed3a86d97b848ef231f80aff9a5a3facdf579643
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/3466c0ce-1878-4cd9-b936-d0201e608e48
Result
Threat name:
Unknown
Detection:
malicious
Classification:
expl
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1200186
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected UAC Bypass using CMSTP
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 833091 Sample: SecuriteInfo.com.Variant.MS... Startdate: 23/03/2023 Architecture: WINDOWS Score: 64 17 Antivirus / Scanner detection for submitted sample 2->17 19 Multi AV Scanner detection for submitted file 2->19 21 Yara detected UAC Bypass using CMSTP 2->21 6 SecuriteInfo.com.Variant.MSILHeracles.52322.6803.9652.exe 2 2->6         started        9 cmd.exe 1 2->9         started        process3 file4 15 SecuriteInfo.com.V...2.6803.9652.exe.log, ASCII 6->15 dropped 11 conhost.exe 6->11         started        13 conhost.exe 9->13         started        process5
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4b4c5bb719c694d00ae228c4ed3a86d97b848ef231f80aff9a5a3facdf579643/
Threat name:
ByteCode-MSIL.Hacktool.BypassUaZ
Create hunting rule
Status:
Malicious
First seen:
2022-12-13 16:49:04 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
1
AV detection:
17 of 37 (45.95%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jngfxnyzy2knacxcfdco2oug3f5yjdxsgh4av742li72zx2xszbq._file
Verdict:
malicious
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/230323-kfvhhsge3v/
Unpacked files
SH256 hash:
4b4c5bb719c694d00ae228c4ed3a86d97b848ef231f80aff9a5a3facdf579643
MD5 hash:
f1171757917bda367914537dec2e5ef2
SHA1 hash:
ad5541aa6cab114b16a0c2a672f5907f427fc4a5
Link:
https://www.unpac.me/results/d0008f1e-1ebe-4080-ac3e-90ed2fc20e26/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.50
Link:
https://yomi.yoroi.company/submissions/4b4c5bb719c694d00ae228c4ed3a86d97b848ef231f80aff9a5a3facdf579643

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 4b4c5bb719c694d00ae228c4ed3a86d97b848ef231f80aff9a5a3facdf579643

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2581750/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/376794/

Comments