MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5feb8b2988d631bca34004c8ba13f043f585150b9cd83aad3a8e8c4839eb6a0b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SVCReady


Vendor detections: 7


Intelligence 7 IOCs YARA 5 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5feb8b2988d631bca34004c8ba13f043f585150b9cd83aad3a8e8c4839eb6a0b
SHA3-384 hash: 6ea06421cbd5cd431f4c8dbcce68b09a7e2321c528d99edef650d0c0fbed07e9973d4552a1c3b1fc5ef425837daf3d89
SHA1 hash: 1802bb7f75292ad26f53328b9c7df044d8f41dad
MD5 hash: 7ec1c191a4090c2ac974f4cf35059514
humanhash: sierra-double-rugby-seventeen
File name:yB4CC.tmp.bin
Download: download sample
Signature SVCReady
Create hunting rule
File size:1'180'160 bytes
First seen:2022-07-18 10:19:53 UTC
Last seen:2022-07-18 10:49:30 UTC
File type:DLL dll
MIME type:application/x-dosexec
ssdeep 24576:Pd/BkIVYwdZpl3QEwgc/gTx3Q0hRejKEaqQm8PGKwE3h4L2wH/87/c9JdDUnWcaG:P
Threatray 114 similar samples on MalwareBazaar
TLSH T1E845BEF876047DD6667F567BDA96ECDC13B616228ACBA4CD8064BBC30563376FE02804
TrID 38.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
26.3% (.EXE) Win32 Executable (generic) (4505/5/1)
11.8% (.EXE) OS/2 Executable (generic) (2029/13)
11.6% (.EXE) Generic Win/DOS Executable (2002/3)
11.6% (.EXE) DOS Executable Generic (2000/1)
Reporter JAMESWT_WT
Tags:dll SVCReady

Intelligence

File Origin
# of uploads :
2
# of downloads :
329
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/291555/
Detection(s):
SecuriteInfo.com.Ransom.Contigen18.12460.29159.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a window
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/62d533e90e298a94f3d94728/reports/e0447e1d-c547-4088-8fad-e2133981b5dd/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/b6bec73a-61d7-4481-994a-ba7cbd49e1d1
Result
Threat name:
ReflectiveLoader, SVCReady
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/1035655
Signature
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
System process connects to network (likely due to code injection or exploit)
Tries to delay execution (extensive OutputDebugStringW loop)
Yara detected ReflectiveLoader
Yara detected SVCReady Loader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5feb8b2988d631bca34004c8ba13f043f585150b9cd83aad3a8e8c4839eb6a0b/
Threat name:
Win32.Trojan.Svcready
Create hunting rule
Status:
Malicious
First seen:
2022-07-18 10:20:13 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
19 of 26 (73.08%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=l7vywkmi2yy3zi2aatelue7qip2ykfilttmdvlj2r2geqoplnifq._file
Verdict:
malicious
Similar samples:
015a0d0b474ac3f999517235644a38f402af28c53ae96f78e4e1ac961ebfdc91
SVCReady
1dc652ce6616a4dc16dc065ab189eb0f365d02c1d1ec45a5875c41ff98b24753
SVCReady
2956779991070281c8dba226d96849ce5272818d38f96d29a7832e894b220ea4
SVCReady
48195f6a4343fb133da1fbca2ce7e8494ff6b5af88d813c8f61922952f55859f
SVCReady
71bc707f557a7f7470219611c8525f11d96d1b4abdbd64d715aeeb323bcf0288
SVCReady
dd997b080916cb253cdbc957ae129e1ca236e12b3328b69519d2ce9c5b071bc3
SVCReady
f690071e5394aa76f14e2b5cb5cfb15de51d689ed5213e9cf8b931a6721a11c6
SVCReady
+ 104 additional samples on MalwareBazaar
Result
Malware family:
svcready
Create hunting rule
Score:
  10/10
Tags:
family:svcready loader
Link:
https://tria.ge/reports/220718-mc4ccscedl/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Detects SVCReady loader
SVCReady
Unpacked files
SH256 hash:
5feb8b2988d631bca34004c8ba13f043f585150b9cd83aad3a8e8c4839eb6a0b
MD5 hash:
7ec1c191a4090c2ac974f4cf35059514
SHA1 hash:
1802bb7f75292ad26f53328b9c7df044d8f41dad
Link:
https://www.unpac.me/results/921f051d-b12e-405e-9149-dd0379659c4e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.20
Link:
https://yomi.yoroi.company/submissions/5feb8b2988d631bca34004c8ba13f043f585150b9cd83aad3a8e8c4839eb6a0b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:crime_win32_svcready_loader_unpacked
Create hunting rule
Author:Rony (@r0ny_123)
Rule name:simp_dll_svcready
Create hunting rule
Author:@stoerchl
Description:SVCReadyLoader DLL
Rule name:svcready_bin
Create hunting rule
Author:James_inthe_box
Description:SVCReady
Reference:f690f484c1883571a8bbf19313025a1264d3e10f570380f7aca3cc92135e1d2e
Rule name:SVCReady_Packed
Create hunting rule
Author:Andre Gironda
Description:packed SVCReady / win.svcready
Rule name:win_svcready_w0
Create hunting rule
Author:@AndreGironda
Description:packed SVCReady / win.svcready

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/291555/

Comments