MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5451af0e6bf3df772cd0905609ad2f23c6e0adb013cd1e418b179ce325e72aff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown
Vendor detections: 8



SHA256 hash: 5451af0e6bf3df772cd0905609ad2f23c6e0adb013cd1e418b179ce325e72aff
SHA3-384 hash: bf5ee57874b13fca555936082c428738ede9054ddd69392c3df716117863144b86f720b05a9d314bd415417bdea7e6b2
SHA1 hash: 08240c2e02ba2ffe9712ab2b6d28a934ffa1bcc5
MD5 hash: d53b30e8f251bded78db29edc049f563
humanhash: mountain-montana-robert-white
File name: d53b30e8f251bded78db29edc049f563.exe
File size: 7'002'616 bytes
First seen: 2022-12-31 03:05:12 UTC
Last seen: 2023-01-17 00:39:09 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 48aa5c8931746a9655524f67b25a47ef (4 x Adware.Generic, 3 x AsyncRAT, 3 x Vidar)
ssdeep: 98304:cXIceIeDjObYNyMjb/I6iTFsiKavO3mHnQImTtE9/otFXSfd4jGHfiVTJZkHliqc:5O0Eq/ITuavOWwIzuNy6zZslRc
Threatray: 2 similar samples on MalwareBazaar
TLSH: T167663303B2CA4534F9355A365C8A9881BE27B2F529E910247CFBDA1F4E707C45CB73A6
TrID: 30.2% (.EXE) Win32 Executable Delphi generic (14182/79/4)
      22.4% (.EXE) Win64 Executable (generic) (10523/12/4)
      14.0% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      9.6% (.EXE) Win32 Executable (generic) (4505/5/1)
      6.3% (.MZP) WinArchiver Mountable compressed Archive (3000/1)
dhash icon: b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer)
Reporter: atomiczsec
Tags: exe signed

Code Signing Certificate

Organisation: Wondershare Technology Group Co.,Ltd
Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Algorithm: sha256WithRSAEncryption
Valid from: 2022-04-08T00:00:00Z
Valid to: 2025-04-05T23:59:59Z
Serial number: 059917fd7718808bc34be224e415216f
Thumbprint Algorithm: SHA256
Thumbprint: f9f7285799630d020e914535dd9ad09bab057ddbaaea7444928104a4a5242f1e
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads: 2
# of downloads: 166
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: d53b30e8f251bded78db29edc049f563.exe
Verdict: Malicious activity
Analysis date: 2022-12-06 13:16:43 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Creating synchronization primitives
Creating a process with a hidden window
Searching for synchronization primitives
Using the Windows Management Instrumentation requests
Searching for the window
Launching a tool to kill processes
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: overlay packed shell32.dll
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: suspicious
Classification: evad
Score: 24 / 100
Signature
Found Tor onion address
Obfuscated command line found
Behaviour
Behavior Graph (ID 745245; sample L4IFcQuUZ0; start date 14/11/2022; architecture WINDOWS; score 24):
Signatures: Found Tor onion address; Obfuscated command line found
Process chain: L4IFcQuUZ0.exe (started) drops C:\Users\user\AppData\...\L4IFcQuUZ0.tmp (PE32) and starts L4IFcQuUZ0.tmp
L4IFcQuUZ0.tmp drops C:\Users\user\Desktop\...\is-VV8VB.tmp, is-V5VD3.tmp, is-QPK4H.tmp (PE32+) plus 129 other files (none is malicious), then starts taskkill.exe
taskkill.exe starts conhost.exe
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Verdict: Suspicious
Tags: n/a
YARA: n/a
Unpacked files
SHA256 hash: cf8a77f4cbd38f6ab44fcff738f81ec8dfdaa7ef5a64d62fdd84c6fe897adff5
MD5 hash: 4de6f44810bad050ac81f45549d58f34
SHA1 hash: e001b982a0a978deed96789f943bf295dd2ba1d8

SHA256 hash: 44b8e6a310564338968158a1ed88c8535dece20acb06c5e22d87953c261dfed0
MD5 hash: 9c8886759e736d3f27674e0fff63d40a
SHA1 hash: ceff6a7b106c3262d9e8496d2ab319821b100541

SHA256 hash: 5451af0e6bf3df772cd0905609ad2f23c6e0adb013cd1e418b179ce325e72aff
MD5 hash: d53b30e8f251bded78db29edc049f563
SHA1 hash: 08240c2e02ba2ffe9712ab2b6d28a934ffa1bcc5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments