MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51eaf57ae9fde2cb71b84897ddfd8d5c69bb0604dad100de6ce57f026f3cbada. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 51eaf57ae9fde2cb71b84897ddfd8d5c69bb0604dad100de6ce57f026f3cbada
SHA3-384 hash: 0837492693a284136b608d617b37485f6b33033b2c0e56807c69db226e82d205759b59bf6f72d0e8c1fce1cb44b70b2f
SHA1 hash: 7efe2281cca69cad505e805cf1298c0a19fb7f30
MD5 hash: 8f272153abc5fd19a0a0bb641991d084
humanhash: arkansas-uniform-angel-sink
File name:SecuriteInfo.com.Win64.DropperX-gen.636
Download: download sample
File size:12'288 bytes
First seen:2022-09-26 04:17:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 192:xJZkqh9ELOEebCEBMNLKS9iDA1DQp+AA7g+4OW4/4Ic6nGirzshg:xXkMELOEe+EBMvYD8DC+k+IWhrzsh
Threatray 2'348 similar samples on MalwareBazaar
TLSH T1DC424C0AEBF44535FDE643B51D2797C02730A7607C23C78AB8C891A66D26F588B91F71
TrID 63.5% (.EXE) Win64 Executable (generic) (10523/12/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon 48d4f4f0f0f0d8c0 (37 x RedLineStealer, 18 x AgentTesla, 9 x SnakeKeylogger)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
245
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/313404/
Detection(s):
SecuriteInfo.com.Win64.DropperX-gen.636.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Launching a process
Creating a process with a hidden window
Unauthorized injection to a recently created process
Query of malicious DNS domain
Sending an HTTP GET request to an infection source
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/63312800d192c333bf3deb19/reports/69f72f49-e6b7-4040-8e3e-16b3dcc083d2/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/4d55e1f5-fd99-4a86-90e7-67e21d46f23a
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/1077147
Signature
.NET source code contains potential unpacker
Encrypted powershell cmdline option found
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected Costura Assembly Loader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/51eaf57ae9fde2cb71b84897ddfd8d5c69bb0604dad100de6ce57f026f3cbada/
Threat name:
ByteCode-MSIL.Trojan.Leonem
Create hunting rule
Status:
Malicious
First seen:
2022-09-25 23:31:32 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
2
AV detection:
18 of 41 (43.90%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=khvpk6xj7xrmw4nyjcl537mnlru3wbqe3liqbxtm4v7qe3z4xlna._file
Verdict:
malicious
Similar samples:
8228980582876a9da9e46304e1a738af7485b0c7992c9daf30004d8bab1c3b9d
a0baf98ce28c1245d78159191bd0fafaf80c8c6b76b5e80b43bea8874af910a9
c0be7072ca0ea43fce4807bf70d62db6d8d8724ff836c9e706722336ecbfd1bc
c761bddf4919d6207339aaae1f71bf1dfb5a8a76c110dfd75d96c3b7ae3ae917
cb191c1c612b01447bd75c880c223fa73c82f9902bc6e6a26881031b0a9bf9db
d9837c768f392a3bb98836aedc39c89e1b0641f1b51949d744bfb1a128cb23aa
f15bf4c786172149ed0b9e57b08c695b01095b9167de714ea61768f021ae9ff0
+ 2'338 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/220926-ewyl8ahdd4/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Checks computer location settings
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/c2bd3663-afd8-43e0-ad4d-de09d392c273
Unpacked files
SH256 hash:
51eaf57ae9fde2cb71b84897ddfd8d5c69bb0604dad100de6ce57f026f3cbada
MD5 hash:
8f272153abc5fd19a0a0bb641991d084
SHA1 hash:
7efe2281cca69cad505e805cf1298c0a19fb7f30
Link:
https://www.unpac.me/results/d2497658-a835-4609-b390-479c5cb7defb/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/51eaf57ae9fd/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.57
Link:
https://yomi.yoroi.company/submissions/51eaf57ae9fde2cb71b84897ddfd8d5c69bb0604dad100de6ce57f026f3cbada

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/313404/

Comments