MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 67554dd1175027e781cbc81bd6503b1b8287b4e7d0b8e1bcef315acc5f322a8f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 4

SHA256 hash: 67554dd1175027e781cbc81bd6503b1b8287b4e7d0b8e1bcef315acc5f322a8f
SHA3-384 hash: e7a4c095509fc866262f58d5a053d099701ad742d91b118dd44af0b5a0b5645d6f36584dbce7f08d9a1e99a6ad6480a5
SHA1 hash: 4381b399a10a3c36c76178b50a27ce79ffbf9e15
MD5 hash: c8b20024a81094cd3583dc5b6c039183
humanhash: cold-enemy-india-magnesium
File name: 67554dd1175027e781cbc81bd6503b1b8287b4e7d0b8e1bcef315acc5f322a8f.bin
File size: 2'328'904 bytes
First seen: 2021-05-31 11:19:06 UTC
Last seen: 2021-05-31 12:16:24 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 62a4889df319e7e9f1071cd70ec49a87
ssdeep: 49152:wMCTFsw975SMIDUrNvArKdSjaO16z1A8DvnD/:nCCwiMISvArgSiA8Dv7
TLSH: DBB58C38958592D5FD66407A81E292EA74317332833C6FFF8190D277AE03BD25A7632D
Reporter: JAMESWT_WT
Tags: 1.A Connect GmbH, exe, signed

Code Signing Certificate

Organisation: 1.A Connect GmbH
Issuer: COMODO RSA Code Signing CA
Algorithm: sha256WithRSAEncryption
Valid from: 2018-08-13T00:00:00Z
Valid to: 2022-08-13T23:59:59Z
Serial number: a7e4ded4bf949d15aa4201843f1ab64d
Intelligence: 30 malware samples on MalwareBazaar are signed with this code signing certificate
MalwareBazaar Blocklist: This certificate is on the MalwareBazaar code signing certificate blocklist (CSCB)
Thumbprint Algorithm: SHA256
Thumbprint: d519622e7d1eab2c240860d38779704319f1349cc57ab8c3d51d9f56145b582f
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads: 2
# of downloads: 107
Origin country: n/a

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: 67554dd1175027e781cbc81bd6503b1b8287b4e7d0b8e1bcef315acc5f322a8f.bin
Verdict: No threats detected
Analysis date: 2021-05-31 11:22:12 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness: (not provided)

Behaviour
Sending a UDP request
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 64 / 100
Signature
Multi AV Scanner detection for submitted file
Sigma detected: Execution from Suspicious Folder
System process connects to network (likely due to code injection or exploit)
Uses ipconfig to lookup or modify the Windows network settings
Behaviour
Behavior Graph: ID 427057 (sample XhBWx1xPxT.bin, start date 31/05/2021, architecture WINDOWS, score 64); the graph itself is not reproduced here.
Verdict: suspicious

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments