MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b314655dd710e2b4bee14402e4c0320aafd5faadcea6ddb16b01cfc049f6ccf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6b314655dd710e2b4bee14402e4c0320aafd5faadcea6ddb16b01cfc049f6ccf
SHA3-384 hash: 199c1e434729abd1d85a37a9e2c559ee1f7fc323e3b3f4b6d915d8dad86116c2992f72eedd8470a78542acf1d185d570
SHA1 hash: af378e262c9d55cb1b97fbaadbc6187b8480b52f
MD5 hash: 56ce616c789c4d83e157a60a26032d0d
humanhash: saturn-pizza-carpet-low
File name:file
Download: download sample
File size:390'072 bytes
First seen:2022-09-17 16:23:16 UTC
Last seen:2022-09-17 20:32:39 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'455 x Socks5Systemz, 262 x RaccoonStealer)
ssdeep 6144:x/QiQXC3km+ksmpk3U9j0IwOGBfj/WUplm6zIOYQNd28pTXdAmpCLVRZoglM7Lk0:pQi33P6m6UR0IwlL//plmW9bTXeVhDrE
Threatray 410 similar samples on MalwareBazaar
TLSH T1A7841243E3E14439E033CEB05CA0E962493B7D655DBC650836EDAD8F8F3B5829256B93
TrID 75.1% (.EXE) Inno Setup installer (109740/4/30)
9.7% (.EXE) Win32 Executable Delphi generic (14182/79/4)
4.5% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
3.0% (.EXE) Win32 Executable (generic) (4505/5/1)
2.0% (.MZP) WinArchiver Mountable compressed Archive (3000/1)
File icon (PE):PE icon
dhash icon b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer)
Reporter andretavare5
Tags:exe


Avatar
andretavare5
Sample downloaded from https://official-tizzle.s3.pl-waw.scw.cloud/mazelna-ki-bdina/Bolt2.exe

Intelligence

File Origin
# of uploads :
5
# of downloads :
385
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
Malicious activity
Analysis date:
2022-09-17 16:24:09 UTC
Tags:
installer loader
Link:
https://app.any.run/tasks/fe487703-6ab4-4929-9a44-72fd5798300e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/310961/
Detection(s):
SecuriteInfo.com.Application.Agent.AIQ.2330.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
DNS request
Sending an HTTP GET request
Creating a process with a hidden window
Searching for synchronization primitives
Creating a file in the system32 subdirectories
Creating a file
Sending a custom TCP request
Creating a file in the %AppData% subdirectories
Moving a file to the %AppData% subdirectory
Unauthorized injection to a recently created process
Query of malicious DNS domain
Sending a TCP request to an infection source
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
greyware overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/6325f4ee1183046074ac0f81/reports/b152ea2f-f84e-4463-87c2-1b10d53bdd78/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/c871436d-1126-4b66-8baa-74cd18eca7a2
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1072289
Signature
.NET source code contains method to dynamically call methods (often used by packers)
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Antivirus detection for URL or domain
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Obfuscated command line found
Snort IDS alert for network traffic
Yara detected Generic Downloader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6b314655dd710e2b4bee14402e4c0320aafd5faadcea6ddb16b01cfc049f6ccf/
Threat name:
ByteCode-MSIL.Downloader.Csdi
Create hunting rule
Status:
Malicious
First seen:
2022-09-16 02:54:12 UTC
File Type:
PE (Exe)
Extracted files:
5
AV detection:
16 of 26 (61.54%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nmyumvo5oehcws7ocrac4tadecvp2x5k3tvg3wywwaopybe7nthq._file
Verdict:
malicious
Similar samples:
63581ae3a6484a00bb415bdc2105a1256fb9929a7cb3ef9bcce1b141bb99bf7f
711d8a94c429866e76447eb867f6408eb83b85d9bbea615084722e6055a9d939
7c23a4178b8fc14dedfd30b2b8fe462b4d936210bc64d6a14671b14a9387306a
82346f3a4b7e84f746f6242ff70265b1467ffdcd01954f71806f86c2989a9819
ad8e32c58c848eb03c4414224e74530dab7ea632229d704fc888a7a843396650
c59afb9bb8fad3568800ebdfd5fd07e35d3b77c3ce7316cda5fa1c37b924c4b8
de1ae614a8a926b44989594d2bd4615c14700e575662d7c4689789d6b228f79e
f0dc8fa1a18901ac46f4448e434c3885a456865a3a309840a1c4ac67fd56895b
+ 400 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220917-twddlseacq/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Loads dropped DLL
Downloads MZ/PE file
Drops file in Drivers directory
Executes dropped EXE
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/eac5e9c0-b24c-481e-b063-a4c1dbbff6a4
Unpacked files
SH256 hash:
e427f8ef21691e3d8c2313d11129ad08ddef69a158eca2f77c170603478ff0c4
MD5 hash:
0dedd909aae9aa0a89b4422106310e9e
SHA1 hash:
271d36afa5b729ee590cf8066166ca5e9c9d0340
Link:
https://www.unpac.me/results/d7676aba-4049-4099-a8d6-1edf9b4c91f6/
SH256 hash:
7578466e0375650d7e8f58195315a992a7e73dd2a7151eb27275a48bf15cedb4
MD5 hash:
8c6f35693f254c92101d3bb48c014e97
SHA1 hash:
e5872484385c3f8b0e18006a2f06b3960497e8ba
Link:
https://www.unpac.me/results/d7676aba-4049-4099-a8d6-1edf9b4c91f6/
SH256 hash:
6b314655dd710e2b4bee14402e4c0320aafd5faadcea6ddb16b01cfc049f6ccf
MD5 hash:
56ce616c789c4d83e157a60a26032d0d
SHA1 hash:
af378e262c9d55cb1b97fbaadbc6187b8480b52f
Link:
https://www.unpac.me/results/d7676aba-4049-4099-a8d6-1edf9b4c91f6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6b314655dd710e2b4bee14402e4c0320aafd5faadcea6ddb16b01cfc049f6ccf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
Cape
Cape
https://www.capesandbox.com/analysis/310961/
  
URLhaus
https://urlhaus.abuse.ch/url/2306558/

Comments