MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6e1d54310bbb6a1f78c924ee77eca556316d19b02c4b892dc970b561098e296b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6e1d54310bbb6a1f78c924ee77eca556316d19b02c4b892dc970b561098e296b
SHA3-384 hash: d896b2335786701c606283497bc71eeebb05dc17faf9933b4cbd022a8b8174a1f82d69552ab9ec81bb255419e3ab08d4
SHA1 hash: 028905e6c0b99af1c6101abbcbfc6a51e7e1a977
MD5 hash: 0f95b37641f0b922c3d8bbe66181bc76
humanhash: stairway-beer-early-oscar
File name:SecuriteInfo.com.SScope.Trojan.VB.17728.26896
Download: download sample
File size:1'196'032 bytes
First seen:2024-05-18 17:23:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c0865455ab5d9560a345dbb18c0e4245
ssdeep 12288:3zTb3mtpKAcBHoxyAcBHoxdCb3mtWo6/YRiHqQTZ/01lt6TTD6enosj4qu:3zM6AhjtSTYssqu
Threatray 10 similar samples on MalwareBazaar
TLSH T1F745C116F205E4D5D5240D3FFB2098AD51E92C2FABA41D83E6813B4EB273995931C2FE
TrID 78.0% (.EXE) Win32 Executable Microsoft Visual Basic 6 (82067/2/8)
10.0% (.EXE) Win64 Executable (generic) (10523/12/4)
4.2% (.EXE) Win32 Executable (generic) (4504/4/1)
1.9% (.ICL) Windows Icons Library (generic) (2059/9)
1.9% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 717930928cced629
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
336
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
6e1d54310bbb6a1f78c924ee77eca556316d19b02c4b892dc970b561098e296b.exe
Verdict:
Malicious activity
Analysis date:
2024-05-18 17:25:52 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/9fa3b59d-7d71-483d-8ef8-1c163ed13738

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.SScope.Trojan.VB.17728.26896.UNOFFICIAL
Create hunting rule

Gathering data
Result
Verdict:
Clean
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a window
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
threat
Link:
https://www.filescan.io/uploads/6648e433eecf8de655e83c78/reports/06cb244a-1961-45b4-9122-cf34d185a3fb/overview
Verdict:
Suspicious
Labled as:
SScope.Trojan
Link:
https://www.hybrid-analysis.com/sample/6e1d54310bbb6a1f78c924ee77eca556316d19b02c4b892dc970b561098e296b
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/78aa8bb8-1099-40d1-b676-3551c978dfd4
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
2 / 100
Link:
https://www.joesandbox.com/analysis/1443775
Behaviour
Behavior Graph:
n/a
Score:
82%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/6e1d54310bbb6a1f78c924ee77eca556316d19b02c4b892dc970b561098e296b
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6e1d54310bbb6a1f78c924ee77eca556316d19b02c4b892dc970b561098e296b/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nyovimilxnvb66gjetxhp3ffkyyw2gnqfrfyslojoc2wccmoffvq._file
Verdict:
malicious
Similar samples:
1018ee3d727c9e744cf8ae8dc0c0559b17f89e188673859dc962e10ae4cdd76b
12975bce5682b4d6a0849c73a8924f074e9fc12e9807e1773e3d80656851d1d2
52fbe7491c32772fc730dae9d415c7e81350f67658f476b340db4498d4a9dca2
58b30c75db050e57a9f5c795c823627eda37ec253d63db428c970dcab058d9b5
5963db9ee022b1331aa48c1c8c3b9b75bafb2f0297dced1928e88bdea3f790c8
5ad88b48598633133d30a79c10cde8860cdf5a2d05ed4fd6227dd4a7449d02d9
6e1d54310bbb6a1f78c924ee77eca556316d19b02c4b892dc970b561098e296b
6ebccee754ae0066c0b1687793eb8478e90d0ce2f581ff175dc9f85cead5a8af
b8e4bcb3699104e49979cc86b84ce278bd6b9b392d65d465ac1acd7808ed0db0
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/240518-vypebsef76/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
6e1d54310bbb6a1f78c924ee77eca556316d19b02c4b892dc970b561098e296b
MD5 hash:
0f95b37641f0b922c3d8bbe66181bc76
SHA1 hash:
028905e6c0b99af1c6101abbcbfc6a51e7e1a977
Link:
https://www.unpac.me/results/eba0da22-edc4-455e-afb7-5849572a35e2/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.40
Link:
https://yomi.yoroi.company/submissions/6e1d54310bbb6a1f78c924ee77eca556316d19b02c4b892dc970b561098e296b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:SEH__vba
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaErrorOverflow

Comments