MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60b1aa37a4ac40d5c5adf2de28782976934731408b6c2e89511e1bc5947d5bbd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 13

SHA256 hash: 60b1aa37a4ac40d5c5adf2de28782976934731408b6c2e89511e1bc5947d5bbd
SHA3-384 hash: 284256465d1c70a3fb2154afad4b3ca71ea56e8abedf2d24b156d8ab106a5e9b2dd1da38241d54c0d23ef4c6bd86868b
SHA1 hash: 765c319174ec4a3c6cf491606041cfc820cb319d
MD5 hash: de4c8218edeafaa67b7bf0f20409fd3c
humanhash: speaker-football-uncle-north
File name: SecuriteInfo.com.Application.Bundler.FusionCore.CC.21574.26818
File size: 9'916'256 bytes
First seen: 2024-10-11 12:12:28 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 1f23f452093b5c1ff091a2f9fb4fa3e9 (274 x GuLoader, 36 x RemcosRAT, 23 x AgentTesla)
ssdeep: 196608:RA1K4ji1gmBc/sr0CHgDzZ+EKoyBH5wPZAxSZraLQwrtrbGNgIogvXr:RmXm1p5r0IkL7yBKC4ZrIBSNzv
Threatray: 258 similar samples on MalwareBazaar
TLSH: T109A6330EA4115B17D812733BC1986E233AA43D7A7DF1E35A64CCAF1BB3E6526C156332
TrID:
  47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  15.9% (.EXE) Win64 Executable (generic) (10522/11/4)
  9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
  6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika: pebin
dhash icon: 4a696ddce4f4f261 (26 x Gozi, 9 x AgentTesla, 3 x FFDroider)
Reporter: SecuriteInfoCom
Tags: exe signed

Code Signing Certificate

Organisation: Tim Kosse
Issuer: Sectigo RSA Code Signing CA
Algorithm: sha256WithRSAEncryption
Valid from: 2019-02-13T00:00:00Z
Valid to: 2022-02-12T23:59:59Z
Serial number: 5d38d8bd64455068c2d1c74088c5e28a
Intelligence: 2 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm: SHA256
Thumbprint: b610f81c03fb70632f5f3ff4d3482f3c04a7253c55df8ac8db3b43695ecae771
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads: 1
# of downloads: 368
Origin country: FR
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: SecuriteInfo.com.Application.Bundler.FusionCore.CC.21574.26818
Verdict: Malicious activity
Analysis date: 2024-10-11 12:18:12 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Malicious
Score: 99.9%
Tags: Installcore Powershell Nsis

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: installer lolbin microsoft_visual_cc overlay packed shell32 signed stealer

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family: FusionCore Adware
Verdict: Suspicious

Result
Threat name: n/a
Detection: malicious
Classification: spyw.evad
Score: 54 / 100
Behaviour
Behavior Graph: n/a

Result
Malware family: n/a
Score: 7/10
Tags: discovery spyware stealer
Behaviour:
  Checks processor information in registry
  Enumerates system info in registry
  Modifies Internet Explorer settings
  Modifies system certificate store
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices
  Program crash
  Reads user/profile data of web browsers
  System Location Discovery: System Language Discovery
  Drops file in Program Files directory
  Loads dropped DLL

Verdict: Suspicious
Tags: n/a
YARA: n/a
Unpacked files

SHA256 hash: 1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172
MD5 hash: 466179e1c8ee8a1ff5e4427dbb6c4a01
SHA1 hash: eb607467009074278e4bd50c7eab400e95ae48f7

SHA256 hash: a2675182408503ec2bbe70baeef6ebd59dd63ffb140b29fb5683ffcb3a4a823b
MD5 hash: aa212c59cd30f6f79b1b9796b0d3f1a6
SHA1 hash: 97a742c4168aa501bd113ff875e301d31f20be92

SHA256 hash: c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502
MD5 hash: 640bff73a5f8e37b202d911e4749b2e9
SHA1 hash: 9588dd7561ab7de3bca392b084bec91f3521c879

SHA256 hash: 948998c5c1f9bf5cebff627bc397a4641acc23fb9a3d32650df4ea3d87f68ebb
MD5 hash: 87dde5538ccc83d54d1fef0abc91998d
SHA1 hash: 61809d0b54b8cb91918ea2656bf43cfdbe4cd648

SHA256 hash: 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
MD5 hash: 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 hash: 48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256 hash: 39b1bf4c55db3872c7c6f08e5764bac2def6faed0fbcc68d6cce5aab61243ec8
MD5 hash: 73bc9c462c0c577d7e5646e8f3c123fc
SHA1 hash: 1e5a5962d2c7b56eb178dbcf0fa0103861674daf

SHA256 hash: 9aa388c7de8e96885adcb4325af871b470ac50edb60d4b0d876ad43f5332ffd1
MD5 hash: 9eb662f3b5fbda28bffe020e0ab40519
SHA1 hash: 0bd28183a9d8dbb98afbcf100fb1f4f6c5fc6c41

SHA256 hash: fd4aaac2c48940ca8eb87b31095175373ae44862dde88c8bd1b9a9643b1869e8
MD5 hash: 6df68a6a4a2d32138113269da30bc8b8
SHA1 hash: dbabb0e163ddf7fc750f1d4ea7dad1d946a55327

SHA256 hash: f918210e5af8928d41ab16aa200809d61dccc6558ee4f7706bf336bb020eeb0e
MD5 hash: 611fa35e77c3c482ac51b7ccf8f73fb5
SHA1 hash: 05798418c512b447c701b53187560764bbf8e79e

SHA256 hash: ca110b5302ee40fc992ce076da099d01c9bf19fc264f4bc5ad05b37955700640
MD5 hash: ed1ae05aa806172bcaf0957c850b8ff5
SHA1 hash: 70faf1abb7a699e71d2fad85437fd7d79a1c3ab3

SHA256 hash: c64abb1fd528ab30e89985e31cea7727d170ad7ca2e2eb207c395d3361e65d57
MD5 hash: 4cc679b3185e3911451e1a2dcb487ea0
SHA1 hash: 1febc5599993f0a3287cdb48d88fb780a60c09ae

SHA256 hash: bc2068284a25c8d659157a94c7538be220dff3204b9d6f8e2b651881a6dccd1f
MD5 hash: ef9b8fbecf9b254040f48c8a317a00a5
SHA1 hash: 06fe58b3afcb088ae797aae31e802f76403e7ed1

SHA256 hash: 7a720af0e1a37bf5cc00e67340cd67ac2bdeb675f7fe71571dd992d9ef7748a7
MD5 hash: b8b4669cc8dc70d93370ffbec2c0dc6d
SHA1 hash: aef3c2ba1b69bcdc2acb985bce8796938a840c98

SHA256 hash: 7a470a02bebd0142bc007b5efd88437a599b84e4314ba40fcfe2bf5904caaa70
MD5 hash: ebeef608d2040f117f1ad39df32e87bb
SHA1 hash: 0543407c64a7f6d3a4e1a058aedda8e18961e33e

SHA256 hash: 661fb4e81dab0130010e5872927865c2f1d263ab000fad8b13c57f1cb0953ebc
MD5 hash: 034ea156b00ac112528c208935c48656
SHA1 hash: 6d477f92cbc5ae672cede3b92578aae35ce44c73

SHA256 hash: 5cc6fed5aa55249a06ec84d5858ea2064c1c7a11260d6e78e68c3ed2d8751645
MD5 hash: e3fe9760b31127897888df6af661f566
SHA1 hash: 767255ef79924460d797d1349e5a21651d00563b

SHA256 hash: 55f0b98c3b70d839892102f68cc493b335c2fc4351345095b1826ec674bc03a7
MD5 hash: 497a188dcc2f557d1756c7d01e37bfd1
SHA1 hash: d159cb37218511c778ead8c7dd8b20fc3bbaaf36

SHA256 hash: 54f609352c38ba17be60ca2ea1e676212aa2d5c2f068d80fbfa972988b4bcda3
MD5 hash: b8fcfffa88d51c599e0f24482279c13b
SHA1 hash: 4c0f888cfbabff32adb3b82319f9a1c8938c0771

SHA256 hash: 0f9a9c931b43b98ed7e6487fab3f8d83782b7b4c5a581bf3809325023891acb1
MD5 hash: 56ff0ccd1777bba724ceac3847d0aee0
SHA1 hash: f38cefd59d2ab2478c3ab1d549d985821acc1bce

SHA256 hash: 0c30e11ce2e91cd1324ec6866a926228ba192b9589223c1d029f6bd29cfb652e
MD5 hash: 41c86485e883fcae12b8d4c113ca6d20
SHA1 hash: c28cab0a4a5f685c158c8d13589341870d3495a8

SHA256 hash: 08dab9a44534039bb6c23b8c907084c117f3ff17cbee18897d977e6e9f414358
MD5 hash: c895963fa4f5f72ae7b4399810157fc8
SHA1 hash: 604c86f5370d690184a493fd3ca3fd2312816450

SHA256 hash: 062ff7e5d80ff7902258ec43b1830176ea3d15555f87753ddb9838c41ca57860
MD5 hash: 339dea359b5f0f0792063530cea8aeee
SHA1 hash: fc42412146cb421c22b85d970cb3cda747e11bdb

SHA256 hash: 60b1aa37a4ac40d5c5adf2de28782976934731408b6c2e89511e1bc5947d5bbd
MD5 hash: de4c8218edeafaa67b7bf0f20409fd3c
SHA1 hash: 765c319174ec4a3c6cf491606041cfc820cb319d
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: PE_Digital_Certificate
Author: albertzsigovits

Rule name: PE_Potentially_Signed_Digital_Certificate
Author: albertzsigovits

Rule name: Sectigo_Code_Signed
Description: Detects code signed by the Sectigo RSA Code Signing CA
Reference: https://bazaar.abuse.ch/export/csv/cscb/

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID | Title | Severity
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high

Reviews

ID | Capabilities | Evidence
COM_BASE_API | Can Download & Execute components | ole32.dll::CoCreateInstance
SECURITY_BASE_API | Uses Security Base API | ADVAPI32.dll::AdjustTokenPrivileges, ADVAPI32.dll::SetFileSecurityW
SHELL_API | Manipulates System Shell | SHELL32.dll::ShellExecuteExW, SHELL32.dll::SHFileOperationW, SHELL32.dll::SHGetFileInfoW
WIN32_PROCESS_API | Can Create Process and Threads | KERNEL32.dll::CreateProcessW, ADVAPI32.dll::OpenProcessToken, KERNEL32.dll::CloseHandle, KERNEL32.dll::CreateThread
WIN_BASE_API | Uses Win Base API | KERNEL32.dll::LoadLibraryExW, KERNEL32.dll::GetDiskFreeSpaceW, KERNEL32.dll::GetCommandLineW
WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::CopyFileW, KERNEL32.dll::CreateDirectoryW, KERNEL32.dll::CreateFileW, KERNEL32.dll::DeleteFileW, KERNEL32.dll::MoveFileExW, KERNEL32.dll::MoveFileW
WIN_BASE_USER_API | Retrieves Account Information | ADVAPI32.dll::LookupPrivilegeValueW
WIN_REG_API | Can Manipulate Windows Registry | ADVAPI32.dll::RegCreateKeyExW, ADVAPI32.dll::RegDeleteKeyW, ADVAPI32.dll::RegOpenKeyExW, ADVAPI32.dll::RegQueryValueExW, ADVAPI32.dll::RegSetValueExW
WIN_USER_API | Performs GUI Actions | USER32.dll::AppendMenuW, USER32.dll::EmptyClipboard, USER32.dll::FindWindowExW, USER32.dll::OpenClipboard, USER32.dll::PeekMessageW, USER32.dll::CreateWindowExW

Comments