MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 58ae584470a61f3225e8d5ad1d7359f0a132a81438ff8fc427a42ba41feaf040. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA 6 File information Comments

SHA256 hash:	58ae584470a61f3225e8d5ad1d7359f0a132a81438ff8fc427a42ba41feaf040
SHA3-384 hash:	2a7382f46096340782869583b7b6df092f5a0febab2d66dd4c53df113a8df612882cda5cadfb474521d9ca50f6dd4309
SHA1 hash:	709a9da2cf3f41b96380c3fa000ef708467356f9
MD5 hash:	6482172861f498a2c66f3ef306836e1d
humanhash:	bakerloo-king-oklahoma-floor
File name:	Virus.Sysbot.ATA_virussign.com_6482172861f498a2c66f3ef306836e1d
Download:	download sample
File size:	252'361 bytes
First seen:	2023-09-07 11:08:06 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	4517235d6f012421e28370dfa4e6f8c4
ssdeep	6144:cZSE8UGJwiYwUfWeR7oHYnOW111mFW+9k3:E3GFY/jWHYt1yW+a
Threatray	73 similar samples on MalwareBazaar
TLSH	T13D34C0C46692D149D2FA957F14F67E188A20FC954A108AF273C9353E2DE74EC19CA83F
TrID	52.9% (.EXE) Win32 Executable (generic) (4505/5/1) 23.5% (.EXE) Generic Win/DOS Executable (2002/3) 23.5% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):
dhash icon	e4e8d49494b4d4cc (2 x QuasarRAT, 1 x Cosmu)
Reporter	Turkeytmfounder
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

263

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

Virus.Sysbot.ATA_virussign.com_6482172861f498a2c66f3ef306836e1d

Verdict:

No threats detected

Analysis date:

2023-09-07 11:17:17 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/e8d2fa08-379b-461c-a516-ae278e740ac8

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/447074/

Detection(s):

Win.Worm.Generic-9786786-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Creating a file

Modifying an executable file

Moving a recently created file

Enabling the 'hidden' option for recently created files

Creating a file in the Program Files subdirectories

Moving a file to the Program Files subdirectory

Delayed reading of the file

Sending a custom TCP request

Infecting executable files

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

overlay packed packed virus

Link:

https://www.filescan.io/uploads/64f9af4e2a262962b7966dd6/reports/dfc06748-8984-4059-9f9c-011f26a37a9e/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/58ae584470a61f3225e8d5ad1d7359f0a132a81438ff8fc427a42ba41feaf040

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Tyupkin

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/569d2989-cf1b-4429-8fbe-191e1d62aa38

Result

Threat name:

n/a

Detection:

malicious

Classification:

spre.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1305511

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Detected unpacking (changes PE section rights)

Drops executable to a common third party application directory

Infects executable files (exe, dll, sys, html)

Machine Learning detection for dropped file

Machine Learning detection for sample

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/58ae584470a61f3225e8d5ad1d7359f0a132a81438ff8fc427a42ba41feaf040/

Threat name:

Win32.Trojan.Generic

Status:

Malicious

First seen:

2023-06-27 16:44:54 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

29 of 38 (76.32%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=lcxfqrdquyptejpi2wwr242z6cqtfkauhd7y7rbhuqv2ih7k6baa._file

Verdict:

unknown

0971a341d1f5c7c928463ee19acb6b226c9dda7c1682b8bee42f4394921e67f4

2010a7e1a136a9881ba4db4beb99088ea77ea2997d36e6d1d16fc696b34fda8b

28894ebd9537959f6d45cb8f5cd21fcff66472820f5e8bcc6944276fa32c2623

4c988891326eea9e5fe8aeaa93ffb3f7001bd3cda048a72ab24c8b54dd1834e4

a1d99da15a8902431ab728f50cc47294cdb18fa204d4343f42e49fc84d44bed6

a6ccbe999228a8ef36443b321573865ddf4dac81e20a586d694d8a2ff4837279

ca10c218c7ed12f56148c11d31a0698c8d232064faba12402c16b70f7e34bf55

dccceaaa2022c7ebde90a5596464855302d6621a04f80314f312968331b165b2

f8d665d64793bd0d9c015c19f5eef47e7ece8e03f932e98bec38483dc2afdaad

+ 63 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://tria.ge/reports/230907-m85kasha66/

Behaviour

Drops file in Program Files directory

Enumerates connected drives

Unpacked files

SH256 hash:

41af89749e570992ed38fc7ed9a0ad635817f763934507bdd414ee6b39667bdb

MD5 hash:

caaad087744752782955fa98018c7825

SHA1 hash:

b3174a5aa2e66944bb5c598512f9c62341242666

Link:

https://www.unpac.me/results/5ef04eeb-c64b-4f74-a6b5-d1c619a92d07/

SH256 hash:

58ae584470a61f3225e8d5ad1d7359f0a132a81438ff8fc427a42ba41feaf040

MD5 hash:

6482172861f498a2c66f3ef306836e1d

SHA1 hash:

709a9da2cf3f41b96380c3fa000ef708467356f9

Link:

https://www.unpac.me/results/5ef04eeb-c64b-4f74-a6b5-d1c619a92d07/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/58ae584470a61f3225e8d5ad1d7359f0a132a81438ff8fc427a42ba41feaf040

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	INDICATOR_EXE_Packed_MPress Create hunting rule
Author:	ditekSHen
Description:	Detects executables built or packed with MPress PE compressor

Rule name:	maldoc_getEIP_method_1 Create hunting rule
Author:	Didier Stevens (https://DidierStevens.com)

Rule name:	meth_get_eip Create hunting rule
Author:	Willi Ballenthin

Rule name:	mpress_2_xx_x86 Create hunting rule
Author:	Kevin Falcoz
Description:	MPRESS v2.XX x86 - no .NET

Rule name:	TeslaCryptPackedMalware Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/447074/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample