MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 68ac5530196b3a92fe6574954e62dac0b98cbac6e746f9c170f00b88fa2c5421. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 9



SHA256 hash: 68ac5530196b3a92fe6574954e62dac0b98cbac6e746f9c170f00b88fa2c5421
SHA3-384 hash: 4d4f22d769aed9307a58c3bf423aae4ef9e12a4745c5d9dcc738c1a26c565f61680b3419d39afa9776acfa73edc6ddd6
SHA1 hash: 0d47c977a2f405ff42b2616447120e0e9754d6b2
MD5 hash: 2d6ff89c09aa9c62270895c582de4f68
humanhash: lithium-four-spaghetti-nuts
File name: SecuriteInfo.com.Trojan.MulDrop26.46365.21187.10518
File size: 2'673'640 bytes
First seen: 2024-04-14 08:29:14 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 0ae9e38912ff6bd742a1b9e5c003576a (10 x DCRat, 7 x RedLineStealer, 4 x AsyncRAT)
ssdeep: 49152:8ILeD0/jYaEGw8/nJs3qq3eLouWGvlHtfc+tpBSSmhSP48tywAX6:8nkwsiaVLiGvXjPD748t59
TLSH: T198C52302FAC595B2C533297355206F21EA39BC700FB68DDB8764985DCE721C0A739BE6
TrID: 89.0% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39)
      3.5% (.EXE) Win64 Executable (generic) (10523/12/4)
      2.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      1.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
      1.5% (.EXE) Win32 Executable (generic) (4504/4/1)
dhash icon: 9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter: SecuriteInfoCom
Tags: exe signed

Code Signing Certificate

Organisation: Bitsum LLC
Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Algorithm: sha256WithRSAEncryption
Valid from: 2023-02-07T00:00:00Z
Valid to: 2025-03-08T23:59:59Z
Serial number: 0b494d7df02097107b9065025133fe92
Intelligence: 27 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint algorithm: SHA256
Thumbprint: b309179e6516e33d374264683b0751db5f23b09e625ff0b6a4163df28051d08c
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 1
# of downloads: 303
Origin country: FR

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 68ac5530196b3a92fe6574954e62dac0b98cbac6e746f9c170f00b88fa2c5421.exe
Verdict: Malicious activity
Analysis date: 2024-04-14 08:31:51 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness: n/a

Behaviour
Creating a window
Searching for the window
Creating synchronization primitives
Searching for synchronization primitives
Creating a file
Creating a process from a recently created file
Enabling autorun by creating a file

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-vm fingerprint installer keylogger lolbin overlay packed setupapi sfx shdocvw shell32
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: n/a
Detection: clean
Classification: evad
Score: 15 / 100
Behaviour
Behavior Graph: n/a
Verdict: unknown

Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Checks processor information in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Unpacked files (one file per line; the last entry is the sample itself)
SHA256: da35d37005e3fc77a8d528f67326022a49070d00e04a6a1d743b9d11bad90b8d | MD5: f4365a3389b3a05663ade6444e705bca | SHA1: 3aa7f7f1e05cc130eb2cf18d0bd445bdccb6586b
SHA256: d9f1ba0aee8caec7f023d52a804d033979874d20464c4b44c1608a577293eb5f | MD5: d42c49a3322494afd193b9daf288ed77 | SHA1: 4b6fc766e14188447b9fc6136dba354b5cf0cc53
SHA256: d5be7eda91660c8a582f0105720d6fdacb114faaf158e2a872bf5da53e4836de | MD5: f33d054d3afa78a4485e4f6c975430e3 | SHA1: 4e243439a55564bc7cd05e5664c808a5b3bdbcae
SHA256: c192723baace86d0d16165e5ec3f72cc929d6e62ec8874309249b7aa3ddf3a8b | MD5: 2f1a9b8f8eb24f7c6b9401b4821091ef | SHA1: 2c1a28876f41a7931fe37e03e5c28740212ae15c
SHA256: bf8469f15ad37101180a7cf10d1cabfd836b8fd30d214b503ecba7fd8fa34878 | MD5: a63ff719dc8a41452f0c700811bdfc32 | SHA1: a7a60e98dc34fd7e79d8ed736b673131ec798a29
SHA256: b4303d8fcabaca7b809866e4efe0090ee3a7e4d9db540fcb29a820a5d16be0f0 | MD5: 462dcb0f4ffad382f914192317dd786c | SHA1: 9ddbca5958be35990904beaaa3b29e4c56c8fc2f
SHA256: af6c94dac3b2762098e7f8fdae69b14fdae35b6687350398047e200a6a8226f8 | MD5: f7947b9683ff740e1db7629a07f251cc | SHA1: 46017b66589e95c5eae764983725bc60d6b05e2e
SHA256: a90f8eb2d62fb093cb05ff81ef8addd96030265e95fe28f52a388e7b52a48adf | MD5: d94e9b9776ceaf49a11209f900079596 | SHA1: 4fd6c4792640c1e1175ada94c46668ce359bf104
SHA256: a4b755077b77a10e32de57e4dff518647ce28330513550de36c00374a9c0657d | MD5: 2ac086357c5d3041050cfa2f11f9482d | SHA1: 24266d9f7efb4f21af52f5ccff17a550f5947946
SHA256: 94192f6ba7638eca6194dab5cc4a6d93f7d08c538efc896ca793ec44f1bbf248 | MD5: 8bff8e20a92081107d92e4f29f6575eb | SHA1: 4d01b42ae33ec43111e22bb9fb8f436eb1526f27
SHA256: 81259794067a7b076cd7202705c1c4f34ed4a62f8c1ee830f4c8591f16b82b7c | MD5: 6c3ba4076372cf6c28de5776fb33f0a0 | SHA1: 47a22e7153d63c8a8bcb525990e60b5a9d9e436e
SHA256: 7cb2a57162c3c63a76830534836a665eb90b4ac8c5db58aedfdfbec711b2d2d8 | MD5: b27a898768a16a2f6fbc5cdb2b2c3b00 | SHA1: 3a624c33e3c9cd2d277f88a82f9c7ff5bbeeac04
SHA256: 5c8d4ba49ed9f376df3a1a8670910479a7109a341fd25870a7233624c3093fe3 | MD5: 8e8fc6c96a776255e74f74b987e24d32 | SHA1: b5ab726a8423947a44692e8dd40cb9ed5a5f0a48
SHA256: 35966590fb5b6bb3a7bad76e39ddf7f6697ac52252bf529cc417add506e782dd | MD5: 194b92ddced70dde3cb7e92da316b85b | SHA1: 947c976bb46662f9fff3f50d49c49f64995d571e
SHA256: 2d50915e114eff440ed06b5bf8295e3005da766e7fb170dedc04a504729bfb2f | MD5: 017a1e3622161cf0650cf57923acb467 | SHA1: fbc681e90e0e4f5f50f090f2e5bdeeb011c2c859
SHA256: 154a21f9bea470665a26eefed9db3d61f9df246f2bf6c0ffd94fe5aed3ea9ad3 | MD5: cfa764cb7f57be3761b0a64632fee62e | SHA1: c66927413ab24e75d4c409c61dfc066130477731
SHA256: 04a0d5dffdc546ad5ff33243225a63d771ca2a19725afb6dd9dda7dc4ebdfd81 | MD5: 255d2c74a644beb3f0618240c1afb70e | SHA1: e82350aa6668309aa749e8f24f8c262909880b99
SHA256: 68ac5530196b3a92fe6574954e62dac0b98cbac6e746f9c170f00b88fa2c5421 | MD5: 2d6ff89c09aa9c62270895c582de4f68 | SHA1: 0d47c977a2f405ff42b2616447120e0e9754d6b2
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name: maldoc_find_kernel32_base_method_1
Author: Didier Stevens (https://DidierStevens.com)
Rule name: PE_Digital_Certificate
Author: albertzsigovits
Rule name: PE_Potentially_Signed_Digital_Certificate
Author: albertzsigovits
Rule name: RIPEMD160_Constants
Author: phoul (@phoul)
Description: Look for RIPEMD-160 constants
Rule name: SelfExtractingRAR
Author: Xavier Mertens
Description: Detects an SFX archive with automatic script execution
Rule name: SHA1_Constants
Author: phoul (@phoul)
Description: Look for SHA1 constants
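The TrID result for this entry (89% WinRAR self-extracting archive) and the SelfExtractingRAR YARA hit above describe the same structure: a stub executable with a RAR archive appended, whose SFX comment can carry commands (Setup=, Presetup=, Silent=, TempMode, ...) that run a dropped file as soon as extraction finishes, which is what the sandbox behaviour "Creating a process from a recently created file" reflects. The Python below is an added example, not MalwareBazaar's, any vendor's or the YARA author's code: it finds the RAR signature after the stub and pulls out the SFX directives as a string-level heuristic. It does not parse RAR headers, so a comment that is not stored in clear is not found; the sample bytes are constructed inline and the directive names are the documented WinRAR SFX commands.

```python
import re
from typing import Dict, List, Optional

# Archive signatures that follow the SFX stub: RAR 5.x and RAR 1.5-4.x
RAR5_SIG = b"Rar!\x1a\x07\x01\x00"
RAR4_SIG = b"Rar!\x1a\x07\x00"

# WinRAR SFX script commands that control what happens after extraction
SFX_DIRECTIVES = ("Path", "Setup", "Presetup", "Silent", "Overwrite",
                  "TempMode", "Title", "Update", "Delete", "Shortcut")
_DIRECTIVE_RE = re.compile(
    rb"^(" + b"|".join(d.encode("ascii") for d in SFX_DIRECTIVES) + rb")(?:=(.*?))?\r?$",
    re.MULTILINE,
)


def find_rar_sfx(data: bytes) -> Optional[Dict]:
    """Locate an appended RAR archive and extract SFX script directives.

    Returns None when no RAR signature is present. The directive scan is a
    heuristic over the raw bytes after the signature: WinRAR normally stores
    the SFX comment in clear, so the commands are visible without decompression.
    """
    hits = [(data.find(sig), sig) for sig in (RAR5_SIG, RAR4_SIG)]
    hits = [(off, sig) for off, sig in hits if off != -1]
    if not hits:
        return None
    off, sig = min(hits)  # earliest signature wins
    directives: Dict[str, List[str]] = {}
    for m in _DIRECTIVE_RE.finditer(data[off:]):
        key = m.group(1).decode("ascii")
        value = m.group(2).decode("latin-1") if m.group(2) is not None else ""
        directives.setdefault(key, []).append(value)
    return {
        "stub_is_pe": data[:2] == b"MZ",
        "rar_offset": off,
        "rar_version": 5 if sig == RAR5_SIG else 4,
        "directives": directives,
        # Setup=/Presetup= run a program after extraction; Silent hides the dialog;
        # TempMode extracts to a temporary directory that is removed afterwards
        "auto_exec": bool(directives.get("Setup") or directives.get("Presetup")),
        "silent": directives.get("Silent", ["0"])[0] != "0",
        "temp_mode": "TempMode" in directives,
    }


# Constructed test fixture: a fake MZ stub followed by a RAR5 signature and an
# SFX comment in clear. Not a real archive and not derived from the sample above.
SAMPLE_SFX = (
    b"MZ" + b"\x00" * 62
    + b"<sfx stub code would be here>"
    + RAR5_SIG
    + b"\x00" * 8
    + b"\r\nPath=%TEMP%\\update\r\nSetup=update.exe\r\nSilent=1\r\n"
    + b"Overwrite=1\r\nTempMode\r\n"
    + b"\x00" * 16
)

if __name__ == "__main__":
    print(find_rar_sfx(SAMPLE_SFX))
```

A hit with auto_exec and silent both true on a signed binary is the combination worth triaging first: the signature vouches for the stub, not for what the appended archive drops and runs.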

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
Reviews
ID | Capabilities | Evidence
GDI_PLUS_API | Interfaces with Graphics | gdiplus.dll::GdiplusStartup, gdiplus.dll::GdiplusShutdown, gdiplus.dll::GdipAlloc
WIN32_PROCESS_API | Can Create Process and Threads | KERNEL32.dll::CloseHandle, KERNEL32.dll::CreateThread
WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess, KERNEL32.dll::LoadLibraryW, KERNEL32.dll::LoadLibraryExA, KERNEL32.dll::LoadLibraryExW, KERNEL32.dll::GetSystemInfo, KERNEL32.dll::GetStartupInfoW
WIN_BASE_EXEC_API | Can Execute other programs | KERNEL32.dll::AllocConsole, KERNEL32.dll::AttachConsole, KERNEL32.dll::WriteConsoleW, KERNEL32.dll::FreeConsole, KERNEL32.dll::SetStdHandle, KERNEL32.dll::GetConsoleMode, KERNEL32.dll::GetConsoleCP
WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::CreateDirectoryW, KERNEL32.dll::CreateHardLinkW, KERNEL32.dll::CreateFileW, KERNEL32.dll::CreateFileMappingW, KERNEL32.dll::DeleteFileW, KERNEL32.dll::MoveFileW, KERNEL32.dll::MoveFileExW
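BLint's single finding above is that the optional header lacks HIGH_ENTROPY_VA, and the entry is tagged "signed". Both facts live in the PE optional header: the DllCharacteristics word at offset 70 and the Security data directory (slot 4), which gives the file offset and size of the Authenticode blob. The Python below is an added example, not BLint's or MalwareBazaar's code: it reads those fields with the standard library and reports which opt-in mitigations are missing, going a little beyond the page by also checking DYNAMIC_BASE, NX_COMPAT and GUARD_CF. build_pe() fabricates header-only images as constructed test input; the flag values and offsets follow the PE/COFF specification.

```python
import struct
from typing import Dict

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA",
    0x0040: "DYNAMIC_BASE",
    0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT",
    0x0200: "NO_ISOLATION",
    0x0400: "NO_SEH",
    0x0800: "NO_BIND",
    0x1000: "APPCONTAINER",
    0x2000: "WDM_DRIVER",
    0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
# Mitigations a hardened image is expected to opt in to (HIGH_ENTROPY_VA is 64-bit only)
EXPECTED_X64 = ("HIGH_ENTROPY_VA", "DYNAMIC_BASE", "NX_COMPAT", "GUARD_CF")
EXPECTED_X86 = ("DYNAMIC_BASE", "NX_COMPAT", "GUARD_CF")
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot pointing at the Authenticode blob


def pe_hardening(data: bytes) -> Dict:
    """Parse the optional header; report DllCharacteristics gaps and signature presence."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:
        arch, expected, rva_count_off = "x64", EXPECTED_X64, 108
    elif magic == 0x10B:
        arch, expected, rva_count_off = "x86", EXPECTED_X86, 92
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    flags = [name for bit, name in DLL_CHARACTERISTICS.items() if dll_chars & bit]
    missing = [name for name in expected if name not in flags]
    notes = []
    # Edge case: HIGH_ENTROPY_VA without DYNAMIC_BASE is inert, the image is never relocated
    if "HIGH_ENTROPY_VA" in flags and "DYNAMIC_BASE" not in flags:
        notes.append("HIGH_ENTROPY_VA set but ineffective without DYNAMIC_BASE")
    # Security directory holds a file offset (not an RVA) and size of the WIN_CERTIFICATE blob
    sec_off = sec_size = 0
    rva_count = struct.unpack_from("<I", data, opt + rva_count_off)[0]
    dir_off = opt + rva_count_off + 4 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if rva_count > IMAGE_DIRECTORY_ENTRY_SECURITY and dir_off + 8 <= opt + size_of_optional:
        sec_off, sec_size = struct.unpack_from("<II", data, dir_off)
    return {
        "arch": arch,
        "dll_characteristics": dll_chars,
        "flags": flags,
        "missing": missing,
        "notes": notes,
        "has_authenticode": sec_size > 0,
        "authenticode_offset": sec_off,
        "authenticode_size": sec_size,
    }


def build_pe(dll_characteristics: int, is64: bool = True, signed: bool = False) -> bytes:
    """Constructed header-only PE image for testing; not a runnable executable."""
    opt_size = 240 if is64 else 224
    rva_count_off = 108 if is64 else 92
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664 if is64 else 0x14C, 0, 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if is64 else 0x10B)     # Magic
    struct.pack_into("<H", opt, 70, dll_characteristics)          # DllCharacteristics
    struct.pack_into("<I", opt, rva_count_off, 16)                # NumberOfRvaAndSizes
    if signed:
        # Placeholder offset/size for a WIN_CERTIFICATE blob; no real blob is appended
        sec_dir = rva_count_off + 4 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
        struct.pack_into("<II", opt, sec_dir, 0x1000, 0x800)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Mirrors the BLint finding: DYNAMIC_BASE and NX_COMPAT set, HIGH_ENTROPY_VA absent
    print(pe_hardening(build_pe(0x8140, signed=True)))
```

Running pe_hardening on a real file (open it in binary mode and pass the bytes) gives the same "missing" list BLint reports; has_authenticode only says a signature blob is attached, so verifying it and comparing the signer thumbprint against the certificate block above is a separate step.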

Comments