MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 57691768847f3d6b2356fc99c017e420bce518981e4ff037352abc97b9c6139c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 14


SHA256 hash: 57691768847f3d6b2356fc99c017e420bce518981e4ff037352abc97b9c6139c
SHA3-384 hash: b62f9c0dcc5e29aeeff78ed1e0d7ed55f730657f26019cddc671870be5efe4409f34b69831283e0591f76af435c8f526
SHA1 hash: 0bd59c67d987df79f2c764ec9815d3f954bda086
MD5 hash: 8f6c8902178d973c43821ce9986aa974
humanhash: vermont-alaska-freddie-shade
File name: SecuriteInfo.com.FileRepMalware.25505.20211
File size: 10'295'198 bytes
First seen: 2024-07-21 23:52:37 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 5a594319a0d69dbc452e748bcf05892e (21 x ParallaxRAT, 20 x Gh0stRAT, 15 x NetSupport)
ssdeep: 196608:N1wnAfEuYPg69OzHhxrurouLf2J+IEcdKpBjH6Z+FX2mPcTfHtTHp1hQmFme:N1NEJPg6uaBLFeKnPFNkTft7ymf
Threatray: 1 similar sample on MalwareBazaar
TLSH: T121A6233FB228663EC4AA0B3201739650987BBF65B91ACC1E57F4240DDF365702E3E659
TrID:
  45.4% (.EXE) Inno Setup installer (107240/4/30)
  24.3% (.CPL) Windows Control Panel Item (generic) (57583/11/19)
  17.6% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
  4.4% (.EXE) Win64 Executable (generic) (10523/12/4)
  2.7% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
dhash icon: 0e617949496c6c93
Reporter: SecuriteInfoCom
Tags: exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 316
Origin country: FR

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: 57691768847f3d6b2356fc99c017e420bce518981e4ff037352abc97b9c6139c.exe
Verdict: Malicious activity
Analysis date: 2024-07-22 16:09:43 UTC
Tags: adware innosetup

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.

Verdict: Malicious
Score: 99.9%
Tags: Encryption Generic Network Ransomware Stealth Stealer
Result
Verdict: Clean
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Creating synchronization primitives
Searching for synchronization primitives

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: embarcadero_delphi fingerprint installer lolbin overlay packed setupapi shell32 stealer

Result
Verdict: MALICIOUS
Malware family: Generic Malware
Verdict: Malicious

Result
Threat name: n/a
Detection: malicious
Classification: troj.evad
Score: 54 / 100
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Connects to a pastebin service (likely for C&C)
Connects to many IPs within the same subnet mask (likely port scanning)
Creates multiple autostart registry keys
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Performs DNS queries to domains with low reputation
Queries Google from non browser process on port 80
Snort IDS alert for network traffic
Tries to delay execution (extensive OutputDebugStringW loop)
Tries to resolve many domain names, but no domain seems valid
Behaviour
Behavior Graph: [graph image not reproduced] Behavior Graph ID: 1477772; Sample: SecuriteInfo.com.FileRepMal...; Start date: 22/07/2024; Architecture: WINDOWS; Score: 54. The graph shows the installer dropping a .tmp stage, which in turn drops kglTool.exe, wekTool.exe and a second Inno Setup installer (Baixar Musicas Gratis-latest.exe); the dropped processes contact a large number of domains and IPs (2442 other IPs or domains at the top level) and create multiple autostart registry keys.
Threat name: Win32.Trojan.Generic
Status: Malicious
First seen: 2022-09-22 09:10:34 UTC
File Type: PE (Exe)
Extracted files: 43
AV detection: 13 of 37 (35.14%)
Threat level: 2/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a

Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Executes dropped EXE
Loads dropped DLL

Verdict: Suspicious
Tags: n/a
YARA: n/a
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Borland
Author: malware-lu

Rule name: shellcode
Author: nex
Description: Matched shellcode byte patterns

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high

Reviews

ID | Capabilities | Evidence
SECURITY_BASE_API | Uses Security Base API | advapi32.dll::AdjustTokenPrivileges
WIN32_PROCESS_API | Can Create Process and Threads | kernel32.dll::CreateProcessW, advapi32.dll::OpenProcessToken, kernel32.dll::CloseHandle, kernel32.dll::CreateThread
WIN_BASE_API | Uses Win Base API | kernel32.dll::LoadLibraryA, kernel32.dll::LoadLibraryExW, kernel32.dll::LoadLibraryW, kernel32.dll::GetSystemInfo, kernel32.dll::GetStartupInfoW, kernel32.dll::GetDiskFreeSpaceW
WIN_BASE_IO_API | Can Create Files | kernel32.dll::CreateDirectoryW, kernel32.dll::CreateFileW, kernel32.dll::DeleteFileW, kernel32.dll::GetWindowsDirectoryW, kernel32.dll::GetSystemDirectoryW, kernel32.dll::GetFileAttributesW
WIN_BASE_USER_API | Retrieves Account Information | advapi32.dll::LookupPrivilegeValueW
WIN_REG_API | Can Manipulate Windows Registry | advapi32.dll::RegOpenKeyExW, advapi32.dll::RegQueryValueExW
WIN_USER_API | Performs GUI Actions | user32.dll::PeekMessageW, user32.dll::CreateWindowExW

Comments