MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5217c2a1802b0b0fe5592f9437cdfd21f87da1b6ebdc917679ed084e40096bfd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5217c2a1802b0b0fe5592f9437cdfd21f87da1b6ebdc917679ed084e40096bfd
SHA3-384 hash: 0c4c985671b24c0cd156ef90e5967d972d195c8201c39d26546aad68d3f8d106b01a81817532ff0064e5865ff8481628
SHA1 hash: 82b0beb6fff9a90dc40b300ebf1b0ec4977ba8ad
MD5 hash: 63d502f3f0771468e72346b6f1112851
humanhash: michigan-carolina-fanta-august
File name:0524x86110.exe
Download: download sample
File size:122'880 bytes
First seen:2022-06-03 06:58:00 UTC
Last seen:2022-09-04 16:03:19 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e58ab46f2a279ded0846d81bf0fa21f7 (7 x Nitol, 5 x Gh0stRAT, 3 x ZeuS)
ssdeep 3072:0iMWFJh038u2KUphV8WwFjpFUlx8/XElZVu:0lWFW2KifIF1FizZVu
Threatray 289 similar samples on MalwareBazaar
TLSH T1BCC3024547009793E796C97D30F2EEA1664B98CCE8DD5ED25F75A1CB00802ECC69E2BE
TrID 35.7% (.EXE) UPX compressed Win32 Executable (27066/9/6)
35.0% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
8.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.9% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter obfusor
Tags:exe

Intelligence

File Origin
# of uploads :
4
# of downloads :
310
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
7533976147.zip
Verdict:
Malicious activity
Analysis date:
2022-05-31 10:58:22 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/f33274ab-2413-463c-9245-b73b064b080e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/276444/
Detection(s):
SecuriteInfo.com.DeepScan.Generic.Exploit.Shellcode.RDI.4.30C23730.27122.18298.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Launching a process
Сreating synchronization primitives
Sending a custom TCP request
Unauthorized injection to a system process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/6299b1158787703a222efc76/reports/493d5ab1-b820-4435-b9d1-305ab4d11c22/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4b0b277d-f23b-42b6-9cf2-794ab5a08fd9
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1006124
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to inject code into remote processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5217c2a1802b0b0fe5592f9437cdfd21f87da1b6ebdc917679ed084e40096bfd/
Threat name:
Win32.Trojan.Invader
Create hunting rule
Status:
Suspicious
First seen:
2022-05-30 23:27:39 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
23 of 26 (88.46%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kil4fimafmfq7zkzf6kdptp5eh4h3inw5pojc5tz5uee4qajnp6q._file
Verdict:
malicious
Similar samples:
339047eec5b8499e25ed859fa92501a802ff5816cbf0876c2ab9178818c1eb5f
34db55d7975afdcc3604351af06b1d7aaff5fe64ee6eb227a92aab199d5b7094
470a7b7594b3a7f16eee9a882698965fa98cc6b10d91232fa9324624c27fb9ab
6c883290bcc7c78a2bea30728b6f8d2e9879763ab6b5ae211849bc44014d946d
8b5ee453ccfea68e6d05bc1165058a73fd43125b2801a48fe4ae90aa04592697
bc9c029d261add24b1801f401c3dc08955f834076aa2079f91406faf9b5a9ab7
c4b34701b175cf6b02d30c4633396f2602ecdd36ba6ca7b3d8a047d47083eae4
+ 279 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/220603-hrg1fsgfhl/
Behaviour
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
UPX packed file
Unpacked files
SH256 hash:
de44e5f6cfac9cd3e61194efd5c2b20ba44c437a520fe7018ed7f623e66f8131
MD5 hash:
0bf52b3eba4d5fad2c529738c7faf958
SHA1 hash:
ed9a2fc4ab7d909ed55395d2d4e0c350cde7f3e3
Link:
https://www.unpac.me/results/20884ca6-1352-4d21-b1cd-cb79c7d70d8c/
SH256 hash:
d98ec657afe1f4cec985897da9fc888cff3b15d2cacc9ae8220d30931004b2c7
MD5 hash:
2f81110c802f2453a1c7f2a41833c77a
SHA1 hash:
a54e16d827b9d3044c7aa97ef90a0c296e936395
Link:
https://www.unpac.me/results/20884ca6-1352-4d21-b1cd-cb79c7d70d8c/
SH256 hash:
5217c2a1802b0b0fe5592f9437cdfd21f87da1b6ebdc917679ed084e40096bfd
MD5 hash:
63d502f3f0771468e72346b6f1112851
SHA1 hash:
82b0beb6fff9a90dc40b300ebf1b0ec4977ba8ad
Link:
https://www.unpac.me/results/20884ca6-1352-4d21-b1cd-cb79c7d70d8c/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/5217c2a1802b/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.20
Link:
https://yomi.yoroi.company/submissions/5217c2a1802b0b0fe5592f9437cdfd21f87da1b6ebdc917679ed084e40096bfd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/276444/

Comments