MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 640a7a98bce49018ea3f465fe1ac44fff51560913c41fa9ccc527fd425d22d0e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 640a7a98bce49018ea3f465fe1ac44fff51560913c41fa9ccc527fd425d22d0e
SHA3-384 hash: 48b4e627d5b1172095173100f67365f555648ed1a59866fcfd917415795b0d79670c351bf2758a9e0c6c05dc4a0fb602
SHA1 hash: 1b37bfa422cca4c718d20f1608f26cb338838123
MD5 hash: 33951c8d6d60ca57dbea0483776578aa
humanhash: helium-edward-artist-triple
File name:lib64.exe
Download: download sample
File size:503'160 bytes
First seen:2022-12-07 05:39:47 UTC
Last seen:2022-12-07 08:33:49 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:sPXDhzo+zd5DP6HdoCAKPfc1fQAnMRewDQNzld7:sPlzXzd5DPizJPE11YeiQNld7
Threatray 2'696 similar samples on MalwareBazaar
TLSH T1D9B42313467B5137FB2084B4A0C741156ABA52DAE45DF5CEB86307AB1F28B85CB87F2C
TrID 56.5% (.EXE) Win64 Executable (generic) (10523/12/4)
11.0% (.ICL) Windows Icons Library (generic) (2059/9)
10.9% (.EXE) OS/2 Executable (generic) (2029/13)
10.7% (.EXE) Generic Win/DOS Executable (2002/3)
10.7% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon 32922c4a50a025ad
Reporter JAMESWT_WT
Tags:exe github-com-alibaba2044

Intelligence

File Origin
# of uploads :
2
# of downloads :
185
Origin country :
IT IT
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
lib64.exe
Verdict:
No threats detected
Analysis date:
2022-12-07 05:42:52 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/1cae475b-3aa3-4393-b66e-08e6ac5c40f6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/343723/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.1446.16962.5256.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Using the Windows Management Instrumentation requests
Sending a custom TCP request
Сreating synchronization primitives
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/63902734485d8463dc40ceaa/reports/5ab94a9a-bb64-47e8-a3b2-8007a6159da3/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/24960654-85d3-419d-8d12-2406ee1935cd
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1129612
Signature
.NET source code contains potential unpacker
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Yara detected Costura Assembly Loader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/640a7a98bce49018ea3f465fe1ac44fff51560913c41fa9ccc527fd425d22d0e/
Threat name:
ByteCode-MSIL.Trojan.Quasar
Create hunting rule
Status:
Malicious
First seen:
2022-12-07 05:23:12 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
6
AV detection:
17 of 26 (65.38%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mqfhvgf44sibr2r7izp6dlce772rkyerhra7vhgmkj75ijosfuha._file
Verdict:
malicious
Similar samples:
0f9e71d60e3069524b211280f87d329ea279c0b59b08826a14eec3cf97f9c839
15e2f966937440c34a383f8a2df6fa8b380fbc858b7560e3129f563296e17fbb
1894ee1e31d02ce95f3fb5bfaaeade0718232866702e70bd19a70a0a15a3343c
3e85b31ff1780031f94570fc9801b6a886564a4caa2acc360d2c65f29b22dbb5
59b3453fdaae52815822c89df9595a8e54cbd22bcefb75be3aae1b5c4d88df26
8a63134b33062c4634272b96c12d130f3abe74270f958ac03049eaae8bb66de4
c53364e68c93eac3f3135721a2e28441af61ca6499a1f3ca5cdd8dcff37e5108
e786277086340b57fe809a77cf9ccf0637c59d049abd8b54588fc6193dd2bdf8
fa8d8657315c0ff3057652f4b34194de08fa9d2ff3028ad2043b53c551851358
+ 2'686 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/221207-gcwpmahh75/
Behaviour
Suspicious use of AdjustPrivilegeToken
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/7de56126-7f22-4fe7-ac74-34f806f4cbc1
Unpacked files
SH256 hash:
640a7a98bce49018ea3f465fe1ac44fff51560913c41fa9ccc527fd425d22d0e
MD5 hash:
33951c8d6d60ca57dbea0483776578aa
SHA1 hash:
1b37bfa422cca4c718d20f1608f26cb338838123
Link:
https://www.unpac.me/results/1f5b4d71-820e-4869-963c-7a3faa4d2ada/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/640a7a98bce49018ea3f465fe1ac44fff51560913c41fa9ccc527fd425d22d0e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/343723/

Comments