MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 682bd253c8b87b8afcc246bf9aa2577857aa1f454b839ac3eca14506e44f2ab0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 10



SHA256 hash: 682bd253c8b87b8afcc246bf9aa2577857aa1f454b839ac3eca14506e44f2ab0
SHA3-384 hash: 0882ccad3887064098d66a9e9b0993d40a43cdc37d3f17252c8e2fabf6138d594a615fc726012f934e99fe3c706ef225
SHA1 hash: f34fb99c8c0c6bcb3518423f745604e5f026b0bb
MD5 hash: 83dfb68ccf4a2ed5ed483fe453b21054
humanhash: fifteen-spaghetti-early-enemy
File name: Speedify VPN-V12.5.0.exe
File size: 8'505'128 bytes
First seen: 2022-10-15 01:04:01 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 61259b55b8912888e90f516ca08dc514 (1'059 x Formbook, 741 x AgentTesla, 431 x GuLoader)
ssdeep: 196608:VEUhmqujN7PwPe+rDREkyqG75iQxqUdWl9u9Ne0:VhzuB72Zg5XhdWOh
Threatray: 2 similar samples on MalwareBazaar
TLSH: T10E862380B88D86CDFF298DB91610B5FC05379F7FC5ACA4150BE4F988BAF2652061CE95
TrID: 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
      16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
      10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
      7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE): PE icon
dhash icon: d3306939606933b4
Reporter: onecert_ir
Tags: exe signed

Code Signing Certificate

Organisation: Connectify (Connectify, Inc.)
Issuer: DigiCert Global G3 Code Signing ECC SHA384 2021 CA1
Algorithm: ecdsa-with-SHA384
Valid from: 2021-10-08T00:00:00Z
Valid to: 2024-10-08T23:59:59Z
Serial number: 0934a6d29414c6beefcbe7c2260d7ffb
Thumbprint algorithm: SHA256
Thumbprint: 4a7f527f9e4715fc4761ded59679ec83dafb401295d80ff80023b30a68c4fe42
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform
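Added example for practitioners (not part of the MalwareBazaar entry and not Connectify's code): a PowerShell check that a local copy of the sample still matches the SHA256 listed above and carries an Authenticode signature whose signer, issuer CN, serial number, SHA256 thumbprint and signature algorithm match the certificate fields in this section. The expected values are copied from this entry; the sample path is a hypothetical location for the file after it has been extracted from the MalwareBazaar download.

```powershell
# Added example (not MalwareBazaar's or Connectify's code): compare a local copy of
# the sample against the hashes and code-signing details listed on this page.
# Assumptions: the sample has been extracted from the MalwareBazaar download and
# saved as $SamplePath (hypothetical path); the host trusts the DigiCert roots.

function Test-SampleAgainstEntry {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Values copied from this database entry
        [string] $ExpectedSha256      = '682bd253c8b87b8afcc246bf9aa2577857aa1f454b839ac3eca14506e44f2ab0',
        [string] $ExpectedSerial      = '0934a6d29414c6beefcbe7c2260d7ffb',
        [string] $ExpectedThumbSha256 = '4a7f527f9e4715fc4761ded59679ec83dafb401295d80ff80023b30a68c4fe42',
        [string] $ExpectedIssuerCN    = 'DigiCert Global G3 Code Signing ECC SHA384 2021 CA1'
    )

    # 1. Same bytes as the catalogued sample? (Get-FileHash returns uppercase hex; -eq ignores case)
    $fileHash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash

    # 2. Authenticode signature and chain validation by the OS
    #    (Status is Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...)
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate

    $results = [ordered]@{
        'file SHA256 matches entry' = ($fileHash -eq $ExpectedSha256)
        'signature status'          = $sig.Status.ToString()
        'file is signed'            = ($null -ne $cert)
    }
    if ($null -eq $cert) { return $results }

    # X509Certificate2.Thumbprint is SHA-1; the entry lists a SHA-256 thumbprint,
    # so hash the DER-encoded certificate ourselves.
    $sha256      = [System.Security.Cryptography.SHA256]::Create()
    $thumbSha256 = [System.BitConverter]::ToString($sha256.ComputeHash($cert.RawData)).Replace('-', '').ToLowerInvariant()
    $issuerCN    = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $true)

    $results['signer subject names Connectify'] = ($cert.Subject -match 'Connectify')
    $results['issuer CN matches entry']         = ($issuerCN -eq $ExpectedIssuerCN)
    $results['serial number matches entry']     = ($cert.SerialNumber -ieq $ExpectedSerial)
    $results['SHA256 thumbprint matches entry'] = ($thumbSha256 -eq $ExpectedThumbSha256)
    $results['signature algorithm is ECDSA/SHA-384'] = ($cert.SignatureAlgorithm.FriendlyName -match 'sha384')
    $results['certificate validity (UTC)']      = '{0} to {1}' -f $cert.NotBefore.ToUniversalTime().ToString('u'),
                                                                  $cert.NotAfter.ToUniversalTime().ToString('u')
    # A countersignature timestamp is what keeps the signature Valid after the certificate expires
    $results['timestamp countersignature present'] = ($null -ne $sig.TimeStamperCertificate)
    return $results
}

$SamplePath = 'C:\samples\682bd253c8b87b8afcc246bf9aa2577857aa1f454b839ac3eca14506e44f2ab0.exe'   # hypothetical
Test-SampleAgainstEntry -Path $SamplePath | Format-Table -AutoSize
```

Get-AuthenticodeSignature reports Valid only when Windows can build a trusted chain to the DigiCert root, and after the certificate's 2024-10-08 expiry only if the signature carries a countersignature timestamp, which the last row checks. Matching signer, serial and thumbprint establish that the file was signed with the key behind the certificate listed here rather than being an unsigned or re-signed repack, which is the question the mixed verdicts below (autostart key, service creation, security center changes, and an imphash shared with Formbook, AgentTesla and GuLoader samples) leave open for an installer. A valid signature does not by itself make the file benign, as the note at the top of the entry says.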

Intelligence

File Origin
# of uploads: 1
# of downloads: 305
Origin country: n/a

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: 682bd253c8b87b8afcc246bf9aa2577857aa1f454b839ac3eca14506e44f2ab0.zip
Verdict: Malicious activity
Analysis date: 2022-10-15 08:55:47 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% directory
Creating a file
Creating a window
Creating synchronization primitives
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Searching for the Windows task manager window
Creating a process from a recently created file
Creating a process with a hidden window
Creating a file in the Program Files subdirectories
Moving a file to the Program Files subdirectory
Creating a service
Launching a service
Searching for synchronization primitives
Transferring files using the Background Intelligent Transfer Service (BITS)
Enabling the 'hidden' option for files in the %temp% directory
Moving a file to the %temp% directory
Enabling autorun for a service
Enabling autorun by creating a file
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour

MalwareBazaar
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: overlay packed shell32.dll

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 42 / 100

Signature
Changes security center settings (notifications, updates, antivirus, firewall)
Creates an undocumented autostart registry key
Found evasive API chain checking for user administrative privileges
Query firmware table information (likely to detect VMs)

Behaviour
Behavior Graph ID 723685 (sample: Speedify VPN-V12.5.0.exe, start date: 15/10/2022, architecture: WINDOWS, score: 42), recovered from the graph image as a process tree:

Speedify VPN-V12.5.0.exe
  contacts: 204.79.197.219 (MICROSOFT-CORP-MSN-AS-BLOCKUS, United States), 8.8.8.8 (GOOGLEUS, United States), 23.205.181.161 (AKAMAI-ASUS, United States)
  drops: C:\Users\user\AppData\...\WebView2Runtime.msi (PE32), C:\Users\user\AppData\Local\...\nsExec.dll (PE32), C:\Users\user\AppData\Local\Temp\...\UAC.dll (PE32), 5 other files (none is malicious)
  starts: WebView2Runtime.msi
    signature: Found evasive API chain checking for user administrative privileges
    drops: C:\...\MicrosoftEdgeUpdate.exe (PE32), C:\Program Files (x86)\...\psuser_arm64.dll (PE32+), C:\Program Files (x86)\...\psuser_64.dll (PE32+), 97 other files (none is malicious)
    starts: MicrosoftEdgeUpdate.exe
      signature: Creates an undocumented autostart registry key
      drops: C:\...\MicrosoftEdgeUpdate.exe (PE32), C:\...\psuser_arm64.dll (copy, PE32+), C:\...\psuser_64.dll (copy, PE32+), 98 other files (none is malicious)
      starts: MicrosoftEdgeUpdate.exe (4 instances)
        one instance starts: MicrosoftEdgeUpdateComRegisterShell64.exe (3 instances)
        one instance contacts: 13.107.42.16 (MICROSOFT-CORP-MSN-AS-BLOCKUS, United States)
svchost.exe
  signature: Changes security center settings (notifications, updates, antivirus, firewall)
  starts: MpCmdRun.exe
    starts: conhost.exe
svchost.exe
  signature: Query firmware table information (likely to detect VMs)
10 other processes
  contacts: 52.184.220.11 (MICROSOFT-CORP-MSN-AS-BLOCKUS, United States)
  drops: C:\...\MicrosoftEdge_X64_106.0.1370.47.exe (PE32+)
  starts: MicrosoftEdge_X64_106.0.1370.47.exe, MicrosoftEdgeUpdate.exe
    MicrosoftEdge_X64_106.0.1370.47.exe drops C:\Program Files (x86)\...\setup.exe (PE32+) and starts setup.exe
      setup.exe drops C:\Program Files (x86)\...\setup.exe (PE32+)
Result
Malware family: n/a
Score: 8/10
Tags: discovery evasion persistence trojan
Behaviour
Checks SCSI registry key(s)
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Program Files directory
Drops file in Windows directory
Launches sc.exe
Drops file in System32 directory
Adds Run key to start application
Checks installed software on the system
Checks whether UAC is enabled
Checks computer location settings
Loads dropped DLL
Creates new service(s)
Drops file in Drivers directory
Executes dropped EXE
Unpacked files

SHA256 hash: 1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906
MD5 hash: 675c4948e1efc929edcabfe67148eddd
SHA1 hash: f5bdd2c4329ed2732ecfe3423c3cc482606eb28e

SHA256 hash: 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
MD5 hash: cff85c549d536f651d4fb8387f1976f2
SHA1 hash: d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256 hash: 18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026
MD5 hash: 68b287f4067ba013e34a1339afdb1ea8
SHA1 hash: 45ad585b3cc8e5a6af7b68f5d8269c97992130b3

SHA256 hash: 85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9
MD5 hash: 40d7eca32b2f4d29db98715dd45bfac5
SHA1 hash: 124df3f617f562e46095776454e1c0c7bb791cc7

SHA256 hash: 56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
MD5 hash: 6c3f8c94d0727894d706940a8a980543
SHA1 hash: 0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256 hash: 682bd253c8b87b8afcc246bf9aa2577857aa1f454b839ac3eca14506e44f2ab0 (this sample)
MD5 hash: 83dfb68ccf4a2ed5ed483fe453b21054
SHA1 hash: f34fb99c8c0c6bcb3518423f745604e5f026b0bb
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Executable exe 682bd253c8b87b8afcc246bf9aa2577857aa1f454b839ac3eca14506e44f2ab0 (this sample)
Delivery method: Distributed via web download

Comments