MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 58a3f40acd573408b04854243dfcead0ef488c893ae0199fcfc3b8fb7eb577c3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

SHA256 hash: 58a3f40acd573408b04854243dfcead0ef488c893ae0199fcfc3b8fb7eb577c3
SHA3-384 hash: adf1c46ebaeacc99e2dbd86ddf889788ed01b222cb55cdb5bb1f3154fae94d5128437cf63839663cccb8adbc8de0822a
SHA1 hash: 6667a4c7e4f6e56717ad1d9637f1e9c08f9cfd07
MD5 hash: 173a09efc26727e0bb1a7ced050bb70b
humanhash: oklahoma-kitten-zebra-december
File name: 173a09efc26727e0bb1a7ced050bb70b
File size: 1'921'430 bytes
First seen: 2024-10-23 08:14:07 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 49152:qfvGoWRp0yZwcytlrP9tjXLaQ/f7mRvSo9mL+p:MvEp0owvnpt6Q/f0vrmu
TLSH: T1B39533B7A27BC4505343B2944207B033CFF57747ABA2903799568FA1B8712C245AFBE9
Magika: zip
Reporter: zbetcheckin
Tags: zip

Intelligence

File Origin
# of uploads: 1
# of downloads: 86
Origin country: FR
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: sameconcentratepro.exe
File size: 1'973'248 bytes
SHA256 hash: e740af0710b331b17ac54cef196b19eb0fd51c79522b5d6b41954501940f812a
MD5 hash: 65695c7b1254ed8c520029e26ed498a8
MIME type: application/x-dosexec
Vendor Threat Intelligence

Verdict: Malicious
Score: 96.5%
Tags: Dropper Spawn Msil

Verdict: Suspicious
File Type: PE File
Behaviour: BlacklistAPI detected

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: advpack CAB explorer installer lolbin microsoft_visual_cc packed packed packer_detected rundll32 setupapi sfx shell32

Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Trojan.Generic
Status: Malicious
First seen: 2024-10-23 08:15:06 UTC
File Type: Binary (Archive)
Extracted files: 40
AV detection: 16 of 24 (66.67%)
Threat level: 2/5

Malware family: n/a
Score: 10/10
Tags: persistence
Behaviour:
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
- Adds Run key to start application
- Drops startup file
- Executes dropped EXE
- Suspicious use of NtCreateUserProcessOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: detect_Redline_Stealer
Author: Varp0s

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download: zip 58a3f40acd573408b04854243dfcead0ef488c893ae0199fcfc3b8fb7eb577c3 (this sample)

Delivery method: Distributed via web download

Comments

zbet commented on 2024-10-23 08:14:09 UTC

url : hxxp://31.15.17.80/mod02/sameconcentratepro.zip