MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 68e5677a864f229ef02194052ef540cd7b80695b10e5493edfc0d51a8d87874a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 68e5677a864f229ef02194052ef540cd7b80695b10e5493edfc0d51a8d87874a
SHA3-384 hash: afbf52808a30069568e7f60527056c5cea295f1702f6b6abc299e492cf945f5c92b293fa710a4e37cb65b1ad322003da
SHA1 hash: 23f9d783c8053daa32035220fe2d5f453fcdf39b
MD5 hash: 7a29029e73156fa977badcb2dfab153d
humanhash: uncle-black-football-blossom
File name:SecuriteInfo.com.Win64.RansomX-gen.7999.26557
Download: download sample
File size:1'064'960 bytes
First seen:2023-01-12 07:34:37 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 24576:Q3R81bLosIPCtDxbuBSamYYykns5yTyps+2jBm7sFuKkDdOkMeS9iUL:G81XosIPMbulmYYyG4s7Vm7ajcdO7eSD
Threatray 933 similar samples on MalwareBazaar
TLSH T1103523457A948B6BE45FAEF37CC590B103716A5F0D82D9CE2EC6198C43C9714A3A0F6B
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
173
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Win64.RansomX-gen.7999.26557
Verdict:
Malicious activity
Analysis date:
2023-01-12 07:37:37 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/d2349e72-ccff-409d-8afd-86488e08c5e1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/352184/
Detection(s):
SecuriteInfo.com.Win64.RansomX-gen.7999.26557.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Forced shutdown of a system process
Unauthorized injection to a system process
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/63bfb82fc77c15b5d69e41c8/reports/58468c54-0d0f-4347-b40c-e86a06b647c0/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/725cea08-968d-49d1-8fc9-5da824301483
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.spyw.expl.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1150120
Signature
Injects a PE file into a foreign processes
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Writes to foreign memory regions
Yara detected AntiVM3
Yara detected Costura Assembly Loader
Yara detected UAC Bypass using CMSTP
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/68e5677a864f229ef02194052ef540cd7b80695b10e5493edfc0d51a8d87874a/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-01-12 07:35:13 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
4
AV detection:
10 of 26 (38.46%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ndswo6ugj4rj54bbsqcs55kazv5ya2k3cdsuspw7ydkrvdmhq5fa._file
Verdict:
unknown
Similar samples:
36f828fc51e022714a6fd634e6b663919f332b67e9505ceb05d5c3b9398c6a00
42a811dc46e91618c4c1aea2cc52c72a3c6f2ef04d5fe0468e94eda595af4c24
446abdfdd249bca6964b7dc14013be5d833360b0eba026a6303c3132fc797bc0
59494a51618f234021c0dae2d87667ce9e431b8a75a1b4952d3e48bf71492fbb
67388fca813133367167001c4114d6cd97b4bed24d0acdfda8b5784723a698ea
901112dd590ebf7bb0314c090a66522540e27d7ae769f2030ac47e3046f5d313
bcba671f1e3e1f7ab80f59d5c1cb280bfec3ca519b37820af0bb720fb5d7a8b9
f1ec2da9572ec46cf6937a8e51b0e188f5778d2c6cf47be6fe098a7dc8de87a9
+ 923 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
collection
Link:
https://tria.ge/reports/230112-jeqbqsbc5w/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Program crash
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Legitimate hosting services abused for malware hosting/C2
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/a43f3c93-c656-43ea-9d29-f3a303116adf
Unpacked files
SH256 hash:
68e5677a864f229ef02194052ef540cd7b80695b10e5493edfc0d51a8d87874a
MD5 hash:
7a29029e73156fa977badcb2dfab153d
SHA1 hash:
23f9d783c8053daa32035220fe2d5f453fcdf39b
Link:
https://www.unpac.me/results/62d4892b-dc8f-41a8-b3ee-67811686789d/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/68e5677a864f/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/68e5677a864f229ef02194052ef540cd7b80695b10e5493edfc0d51a8d87874a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/352184/

Comments