MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5178b113ff589ee961f692de2a2f0c577c31b9511d81d8ec0af052bc732b2ff5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	5178b113ff589ee961f692de2a2f0c577c31b9511d81d8ec0af052bc732b2ff5
SHA3-384 hash:	1309778e68776d77ded8f8671920e2eb869f73277e21fc9c1aff786340b5d9575265883dd4f6e3611249ac34b5ddb131
SHA1 hash:	24ee0d7e7b10076c578783087a01d01e71e6abd7
MD5 hash:	49eb2f7376d007ca75df92f2103ad8f2
humanhash:	hawaii-maryland-august-music
File name:	vbc.exe
Download:	download sample
Signature	MassLogger Alert Create hunting rule
File size:	14'336 bytes
First seen:	2022-11-21 14:03:52 UTC
Last seen:	2022-11-21 15:45:33 UTC
File type:	exe
MIME type:	application/x-dosexec
ssdeep	192:ClwouxpBWKdCTPrUEuhTt5JGuHLaCF5yhqP0vpeYwUxSBwL54B6nE:CvuxpUKdWzzu1HxyqPmeO0wL5iV
Threatray	2'962 similar samples on MalwareBazaar
TLSH	T144525C21DBDE567AFC324A398DB35391157CBB437897D72EDED0800E5C52A480650FB1
TrID	56.5% (.EXE) Win64 Executable (generic) (10523/12/4) 11.0% (.ICL) Windows Icons Library (generic) (2059/9) 10.9% (.EXE) OS/2 Executable (generic) (2029/13) 10.7% (.EXE) Generic Win/DOS Executable (2002/3) 10.7% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):
dhash icon	74f0b696969ce8f0 (1 x Formbook, 1 x MassLogger)
Reporter	Anonymous
Tags:	exe MassLogger

Intelligence

---

File Origin

# of uploads :

2

# of downloads :

193

Origin country :

DE

Vendor Threat Intelligence

ANY.RUN Malicious

Malware family:

n/a

ID:

1

File name:

AWB-NOTIFIICATION.xls

Verdict:

Malicious activity

Analysis date:

2022-11-21 13:51:26 UTC

Tags:

macros opendir loader

Link:

https://app.any.run/tasks/e231c9ef-376b-440d-92d3-bc93b1c60d5f

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

CAPE Sandbox

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/336786/

ClamAV Detected

Detection(s):

SecuriteInfo.com.Win64.DropperX-gen.30470.17038.UNOFFICIAL

Alert

Create hunting rule

Dr. Web vxCube Malware

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Сreating synchronization primitives

Launching a process

Creating a process with a hidden window

Creating a file in the %AppData% subdirectories

Unauthorized injection to a recently created process

Creating a file

DNS request

Query of malicious DNS domain

Sending a TCP request to an infection source

Enabling autorun by creating a file

FileScan.IO Suspicious

Verdict:

Suspicious

Threat level:

  5/10

Confidence:

100%

Tags:

packed

Link:

https://www.filescan.io/uploads/637b8552903ba0eaf36cd86a/reports/829a1b70-8388-404d-a527-93c63565a9e1/overview

InQuest UNKNOWN

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Intezer Suspicious

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/dd3e1a9e-8e26-47e6-8293-3cbf05b7bccf

Joe Sandbox malicious

Result

Threat name:

Unknown

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1118160

Signature

.NET source code contains potential unpacker

Antivirus detection for URL or domain

Creates an undocumented autostart registry key

Encrypted powershell cmdline option found

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Modifies the context of a thread in another process (thread injection)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Uses dynamic DNS services

Yara detected Costura Assembly Loader

Behaviour

Behavior Graph:

Download SVG

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5178b113ff589ee961f692de2a2f0c577c31b9511d81d8ec0af052bc732b2ff5/

ReversingLabs TitaniumCloud ByteCode-MSIL.Trojan.Injuke

Threat name:

ByteCode-MSIL.Trojan.Injuke

Alert

Create hunting rule

Status:

Malicious

First seen:

2022-11-21 14:04:04 UTC

File Type:

PE+ (.Net Exe)

Extracted files:

2

AV detection:

15 of 26 (57.69%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=kf4lce77lcposypwslpculymk56ddokrdwa5r3ak6bjly4zlf72q._file

Threatray masslogger

Verdict:

malicious

Label(s):

masslogger

Alert

Create hunting rule

Similar samples:

10ce810ff5f578bf483fc683d4b830d50f4bf58355255d382e22d3c8d2407054

MassLogger

2dde2cc8ac37a2f9750674975e4117414aaee2e1fa62b6cb28c9b4a6b7d2e458

MassLogger

431259109385ec63af8de3962a7439e71c9361c30051ac30febcda57114e201a

MassLogger

588572e37df45867b14d17b7892c5337ecce9e618b43ae6aae8ab187c35bbc92

MassLogger

65974a49b0f427641f96866baacf2ab54717f613adc747812061bb05e4dde779

MassLogger

68ff988170989b1c7fed3a926fbd9ba6dd54fb43f05d03d1f49ad7d84a830cff

MassLogger

9c348075ed5b4586cb68c9d794189661b4bcb53c86eff81afd634e29ef9e8369

MassLogger

d6f73562c2013f0fe1ef835228ec4e7ff3fe5f9d19b698c4f68bd17b406e783d

MassLogger

f1d04f67ef1946dde29527ba72298ec15aa0d2a54f3026271768d535a4dbefcd

MassLogger

f333b87b79d0fbf142976bb401a082f189b00c49e65a3ad7b1ed5b8f33320ba0

MassLogger

+ 2'952 additional samples on MalwareBazaar

Hatching Triage Suspicious

Result

Malware family:

n/a

Score:

  7/10

Tags:

n/a

Link:

https://tria.ge/reports/221121-rc9atsgc3z/

Behaviour

Suspicious use of AdjustPrivilegeToken

Uses the VBS compiler for execution

Threat.Zone Malicious

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/6c9ee38f-7470-4304-bc70-ad4df00d75f5

UnpacMe

Unpacked files

SH256 hash:

5178b113ff589ee961f692de2a2f0c577c31b9511d81d8ec0af052bc732b2ff5

MD5 hash:

49eb2f7376d007ca75df92f2103ad8f2

SHA1 hash:

24ee0d7e7b10076c578783087a01d01e71e6abd7

Link:

https://www.unpac.me/results/1c2cec97-194e-47d6-a752-627a5e602015/

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Suspicious File

Threat name:

Suspicious File

Score:

0.38

Link:

https://yomi.yoroi.company/submissions/5178b113ff589ee961f692de2a2f0c577c31b9511d81d8ec0af052bc732b2ff5

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

MassLogger

exe 5178b113ff589ee961f692de2a2f0c577c31b9511d81d8ec0af052bc732b2ff5

(this sample)

  

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/336786/

  

URLhaus

https://urlhaus.abuse.ch/url/2428603/