MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 64119e925a2c5fe96481a18acdab674856490be0a3051e5e4508ac20a83ad42e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 64119e925a2c5fe96481a18acdab674856490be0a3051e5e4508ac20a83ad42e
SHA3-384 hash: 8b5e6e51358966ee0ca6e8aac5ab9ad28990df8bb278cbc0056f52cf1f460459d1cbe92d8070c090229f8c3b8aa385e3
SHA1 hash: 169f4d51483e450281dc198e9d9b3b20e3896063
MD5 hash: 129b84fb7ad6599bc881360d512e827d
humanhash: river-may-batman-oven
File name:SecuriteInfo.com.Win32.Evo-gen.2912.6588
Download: download sample
File size:2'323'691 bytes
First seen:2023-09-30 03:29:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4ba3ea0d6362a841ec66a1fc0a1b874f
ssdeep 49152:ufdrf4AJ8DGUehMBNBSHnbaG4XWEucbfntpvSCD7EJ9Q:OrZ2GBhoNBscXducbfbZZ
TLSH T1FFB533517BA6C0FFD1816438CE297BB9A1FDC7C84B39C157A3644B2E6F64758C22092E
TrID 38.7% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
24.6% (.EXE) Win64 Executable (generic) (10523/12/4)
11.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
10.5% (.EXE) Win32 Executable (generic) (4505/5/1)
4.7% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 848c5454baf47474 (2'088 x Adware.Neoreklami, 101 x RedLineStealer, 33 x DiamondFox)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
273
Origin country :
FR FR
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/452165/
Detection(s):
SecuriteInfo.com.Win32.Evo-gen.2912.6588.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Running batch commands
Launching a process
Сreating synchronization primitives
Creating a process with a hidden window
Searching for the window
Gathering data
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
installer lolbin masquerade overlay packed SFX shell32
Link:
https://www.filescan.io/uploads/65179640988a26b6d97246c1/reports/f78c9249-7b48-421e-a285-fb2e5731923b/overview
Verdict:
Malicious
Labled as:
Trojan.DuckTail
Link:
https://www.hybrid-analysis.com/sample/64119e925a2c5fe96481a18acdab674856490be0a3051e5e4508ac20a83ad42e
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/0e963dac-c790-4f1c-9ea2-63a383a3824f
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/1317052
Signature
Antivirus detection for dropped file
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1317052 Sample: SecuriteInfo.com.Win32.Evo-... Startdate: 30/09/2023 Architecture: WINDOWS Score: 76 27 Antivirus detection for dropped file 2->27 29 Multi AV Scanner detection for dropped file 2->29 31 Multi AV Scanner detection for submitted file 2->31 33 3 other signatures 2->33 10 SecuriteInfo.com.Win32.Evo-gen.2912.6588.exe 3 2->10         started        process3 file4 25 C:\Users\user\AppData\Local\Temp\...\Zmepn.5, PE32 10->25 dropped 13 cmd.exe 1 10->13         started        process5 process6 15 control.exe 1 13->15         started        17 conhost.exe 13->17         started        process7 19 rundll32.exe 15->19         started        process8 21 rundll32.exe 19->21         started        process9 23 rundll32.exe 21->23         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/64119e925a2c5fe96481a18acdab674856490be0a3051e5e4508ac20a83ad42e/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-09-30 03:18:15 UTC
File Type:
PE (Exe)
Extracted files:
8
AV detection:
7 of 23 (30.43%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mqiz5es2frp6szebugfm3k3hjblesc7aumcr4xsfbcwcbkb22qxa._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/230930-d2hbrahg99/
Behaviour
Suspicious use of WriteProcessMemory
Loads dropped DLL
Unpacked files
SH256 hash:
e01db8b3a4b8be201206de49e6c386ca4043a8cfe3933cf1a30cae8e291fa03a
MD5 hash:
1793a376ca1fed61015affe8439c1b82
SHA1 hash:
099a4efb1a45ba6f48fed38c4303b862fb8f9dd4
Link:
https://www.unpac.me/results/0d2f8cbd-22c9-4002-87c3-3d0d07d0c6c0/
SH256 hash:
64119e925a2c5fe96481a18acdab674856490be0a3051e5e4508ac20a83ad42e
MD5 hash:
129b84fb7ad6599bc881360d512e827d
SHA1 hash:
169f4d51483e450281dc198e9d9b3b20e3896063
Link:
https://www.unpac.me/results/0d2f8cbd-22c9-4002-87c3-3d0d07d0c6c0/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/64119e925a2c5fe96481a18acdab674856490be0a3051e5e4508ac20a83ad42e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 64119e925a2c5fe96481a18acdab674856490be0a3051e5e4508ac20a83ad42e

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/452165/
  
URLhaus
https://urlhaus.abuse.ch/url/2715154/
  
Delivery method
Distributed via web download

Comments