MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4bf1915785d7c6e0987eb9c15857f7ac67dc365177a1707b14822131d43a6166. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4bf1915785d7c6e0987eb9c15857f7ac67dc365177a1707b14822131d43a6166
SHA3-384 hash: 717141daf7266e4e3a9c47925ddd2e1881395b8441927b4bc60809ca76e1dc74ec08f9b8303f2ca19248066cda7a621b
SHA1 hash: 5310270aeeeca3fdb38beee7021f3cda591b70d8
MD5 hash: cd6f6b6a05cd94839beaae7f59b4d6dd
humanhash: arizona-skylark-alabama-kansas
File name:WRUpdate.x64.dll
Download: download sample
File size:2'476'544 bytes
First seen:2023-12-13 21:11:53 UTC
Last seen:2023-12-13 22:19:30 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a71f9a1c4a1445f92b7bbca6fba33a96
ssdeep 24576:9GBiY8bJbBP2BlK3dsdhmYSUUlmYorz5/nPqCXM2ntWdN8ANFOjJwFzCJvHuUGyw:Ouj8R856N
TLSH T19FB5D0625DC42FF5EFD8112D90BE6B0E43B06187241A608FFB656F09AFE7E44850B297
TrID 25.4% (.ICL) Windows Icons Library (generic) (2059/9)
25.0% (.EXE) OS/2 Executable (generic) (2029/13)
24.7% (.EXE) Generic Win/DOS Executable (2002/3)
24.7% (.EXE) DOS Executable Generic (2000/1)
Reporter smica83
Tags:APT29 backdoor CVE-2023-42793 exe graphicalproton

Intelligence

File Origin
# of uploads :
2
# of downloads :
431
Origin country :
HU HU
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/467329/
Detection(s):
SecuriteInfo.com.Win64.CrypterX-gen.15674.3055.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Gathering data
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-vm masquerade packed
Link:
https://www.filescan.io/uploads/657a1e253f60a8103490ec98/reports/88d08de2-4e16-4c8f-b98c-37431575c866/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_90%
Link:
https://www.hybrid-analysis.com/sample/4bf1915785d7c6e0987eb9c15857f7ac67dc365177a1707b14822131d43a6166
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/a32f927a-a00b-4614-ba55-c336b3b226ad
Result
Threat name:
n/a
Detection:
suspicious
Classification:
evad
Score:
24 / 100
Link:
https://www.joesandbox.com/analysis/1361745
Signature
Sets debug register (to hijack the execution of another thread)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 process2 2 Behavior Graph ID: 1361745 Sample: WRUpdate.x64.dll.exe Startdate: 13/12/2023 Architecture: WINDOWS Score: 24 6 loaddll64.exe 1 2->6         started        process3 8 rundll32.exe 6->8         started        11 cmd.exe 1 6->11         started        13 rundll32.exe 6->13         started        15 2 other processes 6->15 signatures4 19 Sets debug register (to hijack the execution of another thread) 8->19 17 rundll32.exe 11->17         started        process5
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/4bf1915785d7c6e0987eb9c15857f7ac67dc365177a1707b14822131d43a6166
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4bf1915785d7c6e0987eb9c15857f7ac67dc365177a1707b14822131d43a6166/
Threat name:
Win64.Trojan.VaporRage
Create hunting rule
Status:
Malicious
First seen:
2023-12-13 20:06:14 UTC
File Type:
PE+ (Dll)
AV detection:
17 of 36 (47.22%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jpyzcv4f27dobgd6xhavqv7xvrt5ynsro6qxa6yuqiqtdvb2mfta._file
Verdict:
malicious
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/231213-z1573shchl/
Behaviour
Suspicious use of NtCreateThreadExHideFromDebugger
Unpacked files
SH256 hash:
4bf1915785d7c6e0987eb9c15857f7ac67dc365177a1707b14822131d43a6166
MD5 hash:
cd6f6b6a05cd94839beaae7f59b4d6dd
SHA1 hash:
5310270aeeeca3fdb38beee7021f3cda591b70d8
Link:
https://www.unpac.me/results/65269a28-d22a-4ebb-8666-3cf22fd0e03d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/4bf1915785d7c6e0987eb9c15857f7ac67dc365177a1707b14822131d43a6166

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a
Cape
Cape
https://www.capesandbox.com/analysis/467329/

Comments