MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 58bef95d2f1dc3d23b16d982a452e982d4812eee455bc90b2c8694e5e58eec28. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 58bef95d2f1dc3d23b16d982a452e982d4812eee455bc90b2c8694e5e58eec28
SHA3-384 hash: 54df4f6cb32a3b0c0a3eff3432daf5796bcf3288b097c44183fac7bdb382b908091fbc9ad3fdd13915a17c50d2e40731
SHA1 hash: 19d4f60c3314a62f1aab033940aa60d2ffc18761
MD5 hash: 9a288acdafcc3174009d440707be3aa8
humanhash: idaho-venus-floor-lactose
File name:58bef95d2f1dc3d23b16d982a452e982d4812eee455bc90b2c8694e5e58eec28.dll
Download: download sample
File size:520'704 bytes
First seen:2021-11-24 20:58:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8c1ecba9b22e62a6fc79d77bc4fb2be7
ssdeep 12288:YJU3y3g7+T/9DIzFdAcXoNN5akvnAeLEL50f3DwL:YO3S5TeZdAcXYNLuLibi
Threatray 33 similar samples on MalwareBazaar
TLSH T15AB49E1AFBA40475E067D13889B38646E7727C5A0B60DADF2364571E1F33FE05A3AB21
Reporter Anonymous
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
99
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
58bef95d2f1dc3d23b16d982a452e982d4812eee455bc90b2c8694e5e58eec28.dll
Verdict:
No threats detected
Analysis date:
2021-11-24 21:05:37 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/f9fda21f-1ccd-40e7-918d-91408ed3ea58

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Gathering data
Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
67%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/619ea797b71ceed4152f0096/reports/620fef9d-ee05-4e68-bdb5-68e13502546f/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d36feee6-c107-4314-a2b1-305ead016d5f
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/895766
Signature
Creates an autostart registry key pointing to binary in C:\Windows
Sigma detected: UNC2452 Process Creation Patterns
Tries to detect virtualization through RDTSC time measurements
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 528244 Sample: pAGAAcyUcy.dll Startdate: 24/11/2021 Architecture: WINDOWS Score: 64 53 Sigma detected: UNC2452 Process Creation Patterns 2->53 10 loaddll64.exe 1 2->10         started        13 rundll32.exe 2->13         started        process3 signatures4 57 Tries to detect virtualization through RDTSC time measurements 10->57 15 rundll32.exe 10->15         started        18 cmd.exe 1 10->18         started        20 rundll32.exe 10->20         started        22 rundll32.exe 10->22         started        process5 signatures6 61 Tries to detect virtualization through RDTSC time measurements 15->61 24 cmd.exe 1 15->24         started        63 Uses ping.exe to sleep 18->63 65 Uses ping.exe to check the status of other devices and networks 18->65 26 rundll32.exe 18->26         started        process7 process8 28 rundll32.exe 24->28         started        30 conhost.exe 24->30         started        32 choice.exe 1 24->32         started        process9 34 cmd.exe 1 28->34         started        37 cmd.exe 1 28->37         started        signatures10 55 Uses ping.exe to sleep 34->55 39 PING.EXE 1 34->39         started        42 rundll32.exe 34->42         started        44 conhost.exe 34->44         started        46 reg.exe 1 1 37->46         started        49 conhost.exe 37->49         started        process11 dnsIp12 51 192.0.2.37 unknown Reserved 39->51 59 Creates an autostart registry key pointing to binary in C:\Windows 46->59 signatures13
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/58bef95d2f1dc3d23b16d982a452e982d4812eee455bc90b2c8694e5e58eec28/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-11-24 20:59:13 UTC
File Type:
PE+ (Dll)
Extracted files:
4
AV detection:
11 of 28 (39.29%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
100ab1a8d68493c43a477aa54948803f96a31b4c7854840a505de009d6c360a8
164141bfd473324a9b7f87c4c194c0b2245167228aec970f0487e3a6566b15f5
22e899eddfcdd250f184f10d71b117c2b6a1625847ba5c46c39ee6245afc1ef2
2a2b204b3d8df0388dd42a8fa5b7e9652f262c15b92de6ff13fec8778a6aac3f
33082f1f702c0919efd47a7c935aa3972c90f7f7419c9aa6c87492f57658d403
69c6638c277af7f94f34c6f1ea1cee9d7cf5ee7a1e8ef0d2df527f8d6a529f5f
880e2c5548284e08c44028f419a98350fa58e9f758a57f4ddb7b5d6e48fc7eb9
b24e47b63ec35e9a420b9fbb64106b2f9e6e8a18676e8c79ff2ca67af06f1291
b35e23599a0c1f88bc04a1a656aa158fda2fc46750d810bfe6801f96cdbec0fa
e192593ff1df7a3d24cc9463fdcde0b39b49a26816da608d50960da3131e2e36
+ 23 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/211124-zsqgnadfdl/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
58bef95d2f1dc3d23b16d982a452e982d4812eee455bc90b2c8694e5e58eec28
MD5 hash:
9a288acdafcc3174009d440707be3aa8
SHA1 hash:
19d4f60c3314a62f1aab033940aa60d2ffc18761
Link:
https://www.unpac.me/results/4a96e4cf-b190-46b6-9aab-087379d999bc/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/58bef95d2f1dc3d23b16d982a452e982d4812eee455bc90b2c8694e5e58eec28

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/209198/

Comments