MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6e0a7c7256246dfec4aeeebbfe2e1bf9d1a677a8688017fcf08748aee3ed52b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6e0a7c7256246dfec4aeeebbfe2e1bf9d1a677a8688017fcf08748aee3ed52b3
SHA3-384 hash: 1a0f0bcb42af9e4871ce944fd7b940d341268e43bd72d0cecb29f30f4f603d3c1f302c1ed43f5a636b0c7e2c42049d09
SHA1 hash: ff2e7dc37a9fc9c57302f5d2249818c526c7b057
MD5 hash: 7803201a1a0412ca3f5d215158c989a1
humanhash: minnesota-august-papa-low
File name:SecuriteInfo.com.Variant.MSILHeracles.67531.9943.8280
Download: download sample
File size:713'216 bytes
First seen:2023-03-23 21:31:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:b6GomzgRJ7YhsbE7PGBliOZS11IVNwmPa5V303m78S1dqToFyToHzbWwGhT:bLgR+hVLWSTEwb302ITkPHH01
Threatray 342 similar samples on MalwareBazaar
TLSH T172E433B8E5C05B08D2BBA7B0DD72D9EA4D316B828FFF057E584D7A601D086A645E30F4
TrID 56.5% (.EXE) Win64 Executable (generic) (10523/12/4)
11.0% (.ICL) Windows Icons Library (generic) (2059/9)
10.9% (.EXE) OS/2 Executable (generic) (2029/13)
10.7% (.EXE) Generic Win/DOS Executable (2002/3)
10.7% (.EXE) DOS Executable Generic (2000/1)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
226
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Variant.MSILHeracles.67531.9943.8280
Verdict:
Malicious activity
Analysis date:
2023-03-23 21:34:53 UTC
Tags:
blackguard
Link:
https://app.any.run/tasks/e9bcb817-117d-4217-91ef-d94ddc529759

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/376935/
Detection(s):
SecuriteInfo.com.Variant.MSILHeracles.67531.9943.8280.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Sending a custom TCP request
Using the Windows Management Instrumentation requests
Creating a window
Creating a file in the %temp% directory
Reading critical registry keys
Creating a file
Launching a process
Creating a process with a hidden window
Stealing user critical data
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/641cc55323f92296f1f0ae38/reports/d9149781-0f7b-4dc5-8d26-ac00243d7415/overview
Verdict:
Malicious
Labled as:
MSILHeracles.Generic
Link:
https://www.hybrid-analysis.com/sample/6e0a7c7256246dfec4aeeebbfe2e1bf9d1a677a8688017fcf08748aee3ed52b3
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d855549c-bf38-4cf4-9737-0ac25a4b72da
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/1200832
Signature
Antivirus / Scanner detection for submitted sample
Deletes itself after installation
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6e0a7c7256246dfec4aeeebbfe2e1bf9d1a677a8688017fcf08748aee3ed52b3/
Threat name:
ByteCode-MSIL.Trojan.Heracles
Create hunting rule
Status:
Malicious
First seen:
2023-03-21 05:39:14 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
4
AV detection:
18 of 24 (75.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nyfhy4swerw75rfo52574lq37hi2m55incabp7hqq5ek5y7nkkzq._file
Verdict:
malicious
Similar samples:
6b58715b6f88fa91e2fb481b8640ff8579023e5d586b2964fbeac6f5ec63d5f8
78e3a6a4c1ad570f4411fe72ba86c6e8c171ce38ad2373a0bc6183af6b83561c
8b1d3c51ec4e9c3675e220f892b6d94b722d9fdbf4010d6c2f914fcc2bc4f36d
98d78baf7a1ceff6ec4f3d2330a30075df9c461d03ceaac23c478112bb333d48
a8d22d7ca681510340d5b23b4d2bba492622bdf3052a3cb0a996f1e2e25436aa
a95f3ca79acd4178d465fc84f47532a29087f5b40c59b51af8f0454c9719a03d
bc2f9fb51d4da2cf6a3009c0540ad2031a544dad8d37a3c262728e2012d60f2c
cd4ce12ff6104595f16f7149c38a722ba77031a0ae10486ed325a75187803698
cdda25e04fe115e6096cda6bcd6c8d9176ef5e6b6a7a52019aa58e938493413e
ef99b50ff04775515690718cf8e37ab4ef0c2ffebac4394b0cb7e8dc9e959175
+ 332 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
collection spyware stealer
Link:
https://tria.ge/reports/230323-1dlqlaac62/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Enumerates physical storage devices
Accesses Microsoft Outlook profiles
Checks computer location settings
Deletes itself
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
6e0a7c7256246dfec4aeeebbfe2e1bf9d1a677a8688017fcf08748aee3ed52b3
MD5 hash:
7803201a1a0412ca3f5d215158c989a1
SHA1 hash:
ff2e7dc37a9fc9c57302f5d2249818c526c7b057
Link:
https://www.unpac.me/results/7fb3479a-5471-4d72-a900-dc2d2b35e2fd/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/6e0a7c725624/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/376935/

Comments