MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 54d7f87b63343693732e4ca9d615d117374cead36d9eaee9aa70a04cfdae6e5a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 54d7f87b63343693732e4ca9d615d117374cead36d9eaee9aa70a04cfdae6e5a
SHA3-384 hash: 2ac9364de883dddcf85e9cd0f0c2d9071eff59723e71ae3dbe7e171b582b9942d94bbad81e5476e836fd559fc9076558
SHA1 hash: ec6bc279af754bbb3f0414df582113f5ea981c35
MD5 hash: 56fc709f5b8863abff5145aba8c91d4a
humanhash: west-rugby-winner-fruit
File name:Patch.exe
Download: download sample
File size:5'989'376 bytes
First seen:2022-11-06 20:33:41 UTC
Last seen:2022-11-06 23:04:34 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 30df8a71bd65cce2edab5b201b929df9
ssdeep 98304:Sv/Tjwqn4shleKOvmuuR36UY9Bu3Qe3Z7AMBqZrwT+V2n3F/TyHo32QF5Vvv8lI8:w/Tjln4sU+XRn0Bu3Qe3lBOrwiU3F/TU
Threatray 33 similar samples on MalwareBazaar
TLSH T11F5612ED61A43358C01EC4389433FD89B1B6152F5AF899AEB5DFB6C0275E410EA82F47
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter Anonymous
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
153
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Patch.exe
Verdict:
No threats detected
Analysis date:
2022-11-06 20:35:46 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/d1590038-b1e8-4b09-817f-77eb1be7c22a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/329560/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.61836216.1936.16409.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/49359/overview
Behaviour
MalwareBazaar
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
coinminer packed
Link:
https://www.filescan.io/uploads/63681a3c61dbcd75551a4c60/reports/b3b9ef47-a2a1-4884-8db9-bba0332d7c8b/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/1b43e6df-cce6-451a-8abc-920110043e6d
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/1106762
Signature
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file contains section with special chars
Tries to detect debuggers (CloseHandle check)
Tries to detect virtualization through RDTSC time measurements
Tries to evade analysis by execution special instruction (VM detection)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/54d7f87b63343693732e4ca9d615d117374cead36d9eaee9aa70a04cfdae6e5a/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-08-02 21:54:42 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
19 of 40 (47.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ktl7q63dgq3jg4zojsu5mforc43uz2wtnwpk52nkocqez7nonzna._file
Verdict:
malicious
Similar samples:
1617243bf260c15ffcb501df0b05d89af6f0590d1e779be89a53e56823f6e8b7
198f3aad48452b6a95ed0cc229e5858cb87ba61538949e5f606ea89a9d37eb03
30f5564e58d11d68bb6f8f01c745a9e60f2dd5362534c7c959868d9d554e86e5
4997ee85be4bcb1e2776453041349b2469ff57580e377c95a31dc0dd4f5a9016
7239a4b628d42d5fc2e42f4874b338d3477254a356726540da562e8cd654c15c
86890f5d0dc15d61b23cef3a33334a22fd11a729d8831f3eb9d8b54ffb48fa98
9869984c762f83d237d05082a6bcaaf680e388a7c9af167e3e28085145996526
+ 23 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/221106-zceefsdaen/
Behaviour
Suspicious behavior: EnumeratesProcesses
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/547b5fb8-70bc-44d4-a6f2-7a87246e92d9
Unpacked files
SH256 hash:
54d7f87b63343693732e4ca9d615d117374cead36d9eaee9aa70a04cfdae6e5a
MD5 hash:
56fc709f5b8863abff5145aba8c91d4a
SHA1 hash:
ec6bc279af754bbb3f0414df582113f5ea981c35
Link:
https://www.unpac.me/results/7d2e0f08-9404-4c67-8c97-13048078cd05/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/54d7f87b63343693732e4ca9d615d117374cead36d9eaee9aa70a04cfdae6e5a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/329560/

Comments