MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 52d79e7edccadccda98fdaaa761c5306adc502a639e7e217b2256ed6d8b7fa17. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA 1 File information Comments

SHA256 hash:	52d79e7edccadccda98fdaaa761c5306adc502a639e7e217b2256ed6d8b7fa17
SHA3-384 hash:	e86aa5ea13e40969aa92d8f900f115ffe78e271f559bd3428dcb11ec4fafea1277fba16f17b396994ac41b51c725750e
SHA1 hash:	a2c5697e877bc9e7fced61688f987de22026e561
MD5 hash:	7295fd231f90dafd7f384dbafa4c9500
humanhash:	illinois-jersey-uniform-pasta
File name:	Nota Fiscal Eletronica2.msi
Download:	download sample
File size:	1'429'504 bytes
First seen:	2021-12-23 22:49:31 UTC
Last seen:	Never
File type:	msi
MIME type:	application/x-msi
ssdeep	24576:RBsyNC63vosTi0cNOAqJAkMpYkgztdfG8NQGa2A7Ivn9pBo5MTGq5YVJrTsgsFHS:DsxCvosTi0sOAZnWk0fNQGRA7Iv/Boak
Threatray	174 similar samples on MalwareBazaar
TLSH	T160659E1076D6C036C4BE05703A6ED76B157EBE700BB188EB63D81A2E1EB15C25632F67
Reporter	Anonymous
Tags:	msi

Intelligence

File Origin

# of uploads :

# of downloads :

152

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/216041/

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/61c4fd26ec6c6c14a9ed88c8/reports/6e9baa8c-0de2-4a7b-ab83-8a6e349e3032/overview

Result

Verdict:

SUSPICIOUS

Link:

https://labs.inquest.net/dfi/sha256/52d79e7edccadccda98fdaaa761c5306adc502a639e7e217b2256ed6d8b7fa17

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

IPv4 Dotted Quad URL

A URL was detected referencing a direct IP address, as opposed to a domain name.

Result

Threat name:

Unknown

Detection:

clean

Classification:

n/a

Score:

5 / 100

Link:

https://www.joesandbox.com/analysis/912216

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/52d79e7edccadccda98fdaaa761c5306adc502a639e7e217b2256ed6d8b7fa17/

Threat name:

Binary.Trojan.Generic

Status:

Suspicious

First seen:

2021-12-23 10:04:51 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

3 of 43 (6.98%)

Threat level:

5/5

Verdict:

unknown

13241421d86807055664ccd771acbcffd378d52fbeb1a35b3106e4c2c5cc443a

27037adba1bbede3fb44bcc190a33134b020a8ebb48f39a16790c0c358ca94e5

276fe35ed289cc299cca3a511c089d5d9994bb21c26818946b9ae2a0e7f6f584

766813a2d32e70dd895aa89f769d1db2e6acbb4107b3712775902da1ca6eff53

8cb6d0ac34d090ebf86cc3b0fb51dc57b89b2429627dd15170b29ee29d02ad08

8ee5beec825590d2f25175e51b4a6bed6b3e678901c32d4e14c177df62bdf737

c5d5bd4d5b66de5559e4ebb98251b74b49baa08a50cfc8f69b2c9005fcc861a4

ca8eb4d83e1827e0fd86c260a60b1a9bb24876e15e1e0c55755d32314f308f4a

e9200c8a5ccb0bca2e40d3f618b056a552fbd7247396904a0d8ea70164fee886

+ 164 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/211223-2r9v1scegr/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Drops file in Windows directory

Enumerates connected drives

Loads dropped DLL

Blocklisted process makes network request

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/52d79e7edccadccda98fdaaa761c5306adc502a639e7e217b2256ed6d8b7fa17

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	suspicious_msi_file Create hunting rule
Author:	Johnk3r
Description:	Detects common strings, DLL and API in Banker_BR

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Distributed via e-mail link

Cape

https://www.capesandbox.com/analysis/216041/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample