MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51b0ece48a248fb0bceac9e126c008d33d97f32aaff901406b9275084b8e6ed6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 8

SHA256 hash: 51b0ece48a248fb0bceac9e126c008d33d97f32aaff901406b9275084b8e6ed6
SHA3-384 hash: 74ae845adb5d8c467737861df970100c65915e2f2449360b18909c16309a6529c4af8aa1dee5405fcded3c07ed114cf5
SHA1 hash: 8281010956e8310b659002e84daf426e0b6977b8
MD5 hash: b042872081adda2af5784d6ac9ad94cd
humanhash: leopard-fifteen-indigo-wolfram
File name: SecuriteInfo.com.W32.Agent.CE13.tr.32204.32526
File size: 540'992 bytes
First seen: 2023-09-17 16:37:53 UTC
Last seen: Never
File type: DLL
MIME type: application/x-dosexec
imphash: deba71fcd4e68e93af678f2a5e291977
ssdeep: 6144:+RR5rhZFQGrsUwF7vlPoSNyF3zn6JCYf9JQ3p8I:+R5nWFpPoS/J
Threatray: 24 similar samples on MalwareBazaar
TLSH: T10CB45B467539C692C02EC93146F5D6A527A17C7FCDA51BCFA0D8774E8EB23C3221A0DA
TrID:
  28.6% (.EXE) UPX compressed Win32 Executable (27066/9/6)
  28.1% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
  17.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  6.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  5.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
Reporter: SecuriteInfoCom
Tags: dll
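The four digests and the file size listed above are the first thing to re-check on any copy of the sample before it goes anywhere near an analysis VM: a mismatch means you have the wrong file, a truncated download, or a tampered archive. The Python below is an added example, not code from MalwareBazaar; EXPECTED and EXPECTED_SIZE are copied from this entry, and `check_sample_file` together with its path argument are assumed names for the extracted file. MalwareBazaar serves downloads as a ZIP protected with the password `infected`; if your unzip tool rejects it, use one that handles AES-encrypted ZIP archives (7-Zip or pyzipper), then run the check on the inner file.

```python
import hashlib
from pathlib import Path

# Digests and size copied from the MalwareBazaar entry for this sample.
EXPECTED = {
    "sha256": "51b0ece48a248fb0bceac9e126c008d33d97f32aaff901406b9275084b8e6ed6",
    "sha3_384": "74ae845adb5d8c467737861df970100c65915e2f2449360b18909c16309a6529c4af8aa1dee5405fcded3c07ed114cf5",
    "sha1": "8281010956e8310b659002e84daf426e0b6977b8",
    "md5": "b042872081adda2af5784d6ac9ad94cd",
}
EXPECTED_SIZE = 540992  # "540'992 bytes" on the entry


def compute_hashes(data: bytes, algos=tuple(EXPECTED)) -> dict:
    """Hex digests of `data` for each named hashlib algorithm (sha3_384 included)."""
    return {a: hashlib.new(a, data).hexdigest() for a in algos}


def verify_sample(data: bytes, expected: dict = EXPECTED, size=EXPECTED_SIZE) -> dict:
    """One True/False per digest in `expected`, plus a 'size' check when `size` is given.
    Comparison is case-insensitive so values pasted from other tools still match."""
    actual = compute_hashes(data, tuple(expected))
    result = {a: actual[a] == expected[a].lower() for a in expected}
    if size is not None:
        result["size"] = len(data) == size
    return result


def check_sample_file(path: str) -> bool:
    """Hypothetical entry point: True only if every digest and the size match.
    Run it on the file extracted from the MalwareBazaar ZIP, not on the ZIP itself."""
    return all(verify_sample(Path(path).read_bytes()).values())


if __name__ == "__main__":
    import sys
    ok = check_sample_file(sys.argv[1])
    print("all digests match" if ok else "MISMATCH: do not trust this copy")
```

Checking all four digests is not redundancy for its own sake: MD5 and SHA1 are the identifiers most often found in older reports and vendor tickets, while SHA256 is what MalwareBazaar and most modern feeds key on, so a copy that matches on every one of them can be correlated with either kind of reference.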

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 283
Origin country: FR
Vendor Threat Intelligence

Result
Verdict: Clean

Maliciousness:
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 89%
Tags: evasive fingerprint lolbin overlay packed shell32 upx
Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Generic Malware
Verdict: Malicious

Result
Threat name: n/a
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature:
  Machine Learning detection for sample
  Multi AV Scanner detection for submitted file
Behaviour:
Behavior Graph ID 1309637 (sample: SecuriteInfo.com.W32.Agent...., start date 17/09/2023, architecture WINDOWS, score 52)
  Signatures: Multi AV Scanner detection for submitted file; Machine Learning detection for sample
  Network: tse1.mm.bing.net (DNS); 192.168.2.1 (unknown, contacted by one WerFault.exe instance)
  Process tree:
    loaddll32.exe
      cmd.exe
        rundll32.exe
          WerFault.exe
      rundll32.exe
        WerFault.exe
      rundll32.exe
        WerFault.exe
      25 other processes
        WerFault.exe
        WerFault.exe
Result
Malware family: n/a
Score: 7/10
Tags: upx
Behaviour:
  Suspicious use of SetWindowsHookEx
  Suspicious use of WriteProcessMemory
  Program crash
  UPX packed file
Unpacked files:
  SHA256 hash: e856d896abbdbdad2f06e19e4b0f6ea8926fd216c4f1e904919d4e817fc607d3
  MD5 hash: 47fe34b9fc14c186ad4788c66ea2ca13
  SHA1 hash: 12dd5d725a34ab46fb63a29ab8c689c090b5d876

  SHA256 hash: 51b0ece48a248fb0bceac9e126c008d33d97f32aaff901406b9275084b8e6ed6
  MD5 hash: b042872081adda2af5784d6ac9ad94cd
  SHA1 hash: 8281010956e8310b659002e84daf426e0b6977b8
Please note that we are no longer able to provide a coverage score for VirusTotal.
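Three independent signals above agree on a UPX-packed PE: TrID's top guess, the sandbox tag `upx` with the behaviour "UPX packed file", and an unpacked-files list that contains a second SHA256 besides the sample's own (the payload the sandbox recovered). Note also that in the process tree every rundll32.exe ended in WerFault.exe, matching the "Program crash" behaviour, so the dynamic verdicts rest largely on static properties rather than on the payload running; a quick static triage is therefore worth doing before anything heavier. The Python below is an added example, not MalwareBazaar or sandbox code: `inspect_pe` walks the DOS header, COFF header and section table by hand to confirm the file is a DLL and to look for the two cheap UPX indicators (section names UPX0/UPX1 and the `UPX!` magic UPX leaves in the header area after the section table), and `build_fake_pe` constructs a minimal fake PE header purely to exercise it offline; none of those bytes come from the real sample.

```python
import struct

IMAGE_FILE_DLL = 0x2000                  # COFF Characteristics flag
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
UPX_MAGIC = b"UPX!"                      # magic in UPX's in-file header


def inspect_pe(data: bytes) -> dict:
    """Static triage of a PE blob: validity, DLL flag, section names, UPX hints.
    Parses the headers by hand; no dependency beyond the standard library."""
    info = {"is_pe": False, "is_dll": False, "sections": [],
            "upx_sections": False, "upx_magic": False, "likely_upx": False}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return info
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return info
    # COFF file header follows the 4-byte PE signature:
    #   +6 NumberOfSections, +20 SizeOfOptionalHeader, +22 Characteristics
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    size_opt, characteristics = struct.unpack_from("<HH", data, e_lfanew + 20)
    info["is_pe"] = True
    info["is_dll"] = bool(characteristics & IMAGE_FILE_DLL)
    table = e_lfanew + 24 + size_opt     # section table starts after the optional header
    for i in range(num_sections):
        off = table + 40 * i             # IMAGE_SECTION_HEADER is 40 bytes, Name first
        if off + 40 > len(data):
            break                        # truncated table: report what was readable
        name = data[off:off + 8].split(b"\0", 1)[0].decode("latin-1")
        info["sections"].append(name)
    info["upx_sections"] = any(s in UPX_SECTION_NAMES for s in info["sections"])
    info["upx_magic"] = UPX_MAGIC in data
    info["likely_upx"] = info["upx_sections"] or info["upx_magic"]
    return info


def build_fake_pe(section_names, dll=True, upx_magic=False) -> bytes:
    """Constructed minimal PE32 header for testing only; not derived from the sample."""
    e_lfanew = 0x80
    buf = bytearray(e_lfanew)            # DOS header plus an empty stub
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    characteristics = 0x0102 | (IMAGE_FILE_DLL if dll else 0)  # EXECUTABLE_IMAGE | 32BIT_MACHINE
    optional = bytearray(224)            # PE32 optional header size
    struct.pack_into("<H", optional, 0, 0x10B)                # PE32 magic
    buf += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names),
                                   0, 0, 0, len(optional), characteristics)
    buf += optional
    for name in section_names:
        buf += name.encode("ascii").ljust(8, b"\0") + bytes(32)
    if upx_magic:
        buf += UPX_MAGIC                 # placed after the section table, as UPX does
    return bytes(buf)


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:
        print(inspect_pe(f.read()))
```

If both indicators are present, `upx -d` on a copy normally recovers the original image and its SHA256 can be compared with the unpacked-file hash the sandbox reported. If only the `UPX!` magic survives, or neither does, the section names may have been scrubbed to defeat exactly this check; TrID's "UPX compressed" guess can still be right, but `upx -d` will refuse the file and unpacking has to be done dynamically.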

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: maldoc_find_kernel32_base_method_1
Author: Didier Stevens (https://DidierStevens.com)

Rule name: MD5_Constants
Author: phoul (@phoul)
Description: Look for MD5 constants

Rule name: shellcode
Author: nex
Description: Matched shellcode byte patterns

Rule name: UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser
Author: malware-lu

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments