MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 65e13743faf495eef0607f5b9b0bd2cc3ce340b2ea08782c61a36952a955d2f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 65e13743faf495eef0607f5b9b0bd2cc3ce340b2ea08782c61a36952a955d2f9
SHA3-384 hash: 507925f0af6f98179ff448481f5511e189363a51541bc75a98d0ee7f41a8994ca8de23f67b514cb43d7f080663977540
SHA1 hash: bb06fe207247f57e9d34e897b8167881b4b3de0b
MD5 hash: 1c6a2b0d48193d9486d0d89cc75d31d7
humanhash: maryland-edward-nine-cup
File name:SecuriteInfo.com.Trojan.Brsecmon.1.30741.25807
Download: download sample
File size:347'648 bytes
First seen:2020-08-15 16:30:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8556fbc2cbb7b07cb79a75a8c93d8542
ssdeep 6144:VJdBNMb3eIiER/awqyCCa0aHy2iSHz5nBdo8nz4gWLw3eP/WMBJq3:VJdjYhiEVSvbHyL+Ldoqz4xMOHJq3
TLSH F374DF92BAF5A036E6F34A3037746B514A7FB9736B7181AF7754124A0E302C09E71B63
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/46315/
Detection(s):
SecuriteInfo.com.Trojan.Brsecmon.1.30741.25807.UNOFFICIAL
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/432032
Signature
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Uses schtasks.exe or at.exe to add and modify task schedules
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 268426 Sample: SecuriteInfo.com.Trojan.Brs... Startdate: 17/08/2020 Architecture: WINDOWS Score: 68 42 Machine Learning detection for sample 2->42 44 Uses schtasks.exe or at.exe to add and modify task schedules 2->44 7 SecuriteInfo.com.Trojan.Brsecmon.1.30741.exe 2->7         started        10 AONS.exe 2->10         started        12 AONS.exe 2->12         started        14 AONS.exe 2->14         started        process3 signatures4 46 Detected unpacking (changes PE section rights) 7->46 48 Detected unpacking (overwrites its own PE header) 7->48 50 Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent) 7->50 16 cmd.exe 1 7->16         started        18 cmd.exe 1 7->18         started        20 cmd.exe 1 7->20         started        22 4 other processes 7->22 process5 process6 24 conhost.exe 16->24         started        26 schtasks.exe 1 16->26         started        28 conhost.exe 18->28         started        30 icacls.exe 1 18->30         started        32 conhost.exe 20->32         started        34 icacls.exe 1 20->34         started        36 conhost.exe 22->36         started        38 conhost.exe 22->38         started        40 4 other processes 22->40
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/65e13743faf495eef0607f5b9b0bd2cc3ce340b2ea08782c61a36952a955d2f9/
Threat name:
Win32.Trojan.Brsecmon
Create hunting rule
Status:
Malicious
First seen:
2019-08-03 23:26:50 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Verdict:
suspicious
Result
Malware family:
n/a
Score:
  9/10
Tags:
discovery persistence
Link:
https://tria.ge/reports/200815-ge7djxfewe/
Behaviour
Creates scheduled task(s)
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Creates scheduled task(s)
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Program crash
Adds Run key to start application
Adds Run key to start application
Loads dropped DLL
Modifies file permissions
Modifies file permissions
Executes dropped EXE
Executes dropped EXE
ServiceHost packer
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Dofoil
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/65e13743faf495eef0607f5b9b0bd2cc3ce340b2ea08782c61a36952a955d2f9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 65e13743faf495eef0607f5b9b0bd2cc3ce340b2ea08782c61a36952a955d2f9

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/46315/
  
URLhaus
https://urlhaus.abuse.ch/url/433899/
  
Delivery method
Distributed via web download

Comments