MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 70fcaaa993bee4731f88e380b0c43908cd79e69d510f7ed4b1384e3899ad4a32. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 7

SHA256 hash: 70fcaaa993bee4731f88e380b0c43908cd79e69d510f7ed4b1384e3899ad4a32
SHA3-384 hash: 5973b042e18f8c60c96fd0f58deb711d0952344f0fe0ea9e465b56f5464f946bc3acb58a5a5de14a169a0a4542d7f996
SHA1 hash: 5654b135f8a8ca9a6e37f45e187ecfd4a95daaff
MD5 hash: 0860e4d15342af5848ce3c20f8530cf7
humanhash: double-pluto-eight-princess
File name: SecuriteInfo.com.Trojan.MulDrop25.44123.17193.15704
File size: 2'647'800 bytes
First seen: 2024-02-19 02:30:14 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 0ae9e38912ff6bd742a1b9e5c003576a (10 x DCRat, 7 x RedLineStealer, 4 x AsyncRAT)
ssdeep: 49152:9ILF+5eZISyE/W2PFO7zn76IRcc7G7gWZdzVTC8EwQ0D:9A+5eyE/5CzOIULHVYy
TLSH: T1C2C52302B6D14971C07319322A316F31F6BCBE302F7989D76768996DDE231C0A725BB6
TrID:
  89.0% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39)
  3.5% (.EXE) Win64 Executable (generic) (10523/12/4)
  2.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  1.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
  1.5% (.EXE) Win32 Executable (generic) (4504/4/1)
dhash icon: 9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter: SecuriteInfoCom
Tags: exe signed

Code Signing Certificate

Organisation: Bitsum LLC
Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Algorithm: sha256WithRSAEncryption
Valid from: 2023-02-07T00:00:00Z
Valid to: 2025-03-08T23:59:59Z
Serial number: 0b494d7df02097107b9065025133fe92
Intelligence: 27 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint algorithm: SHA256
Thumbprint: b309179e6516e33d374264683b0751db5f23b09e625ff0b6a4163df28051d08c
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 1
# of downloads: 297
Origin country: FR
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour:
  Searching for the window
  Creating a window
  Creating synchronization primitives
  Searching for synchronization primitives
  Creating a file
  Creating a process from a recently created file
  Enabling autorun by creating a file
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-vm fingerprint installer keylogger lolbin overlay packed packed setupapi sfx shdocvw shell32
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: n/a
Detection: clean
Classification: evad
Score: 16 / 100
Behaviour:
  Behavior Graph: n/a
Verdict: unknown
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour:
  Checks processor information in registry
  Suspicious behavior: GetForegroundWindowSpam
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of WriteProcessMemory
  Enumerates physical storage devices
  Executes dropped EXE
  Loads dropped DLL
  Checks computer location settings
Unpacked files
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name: maldoc_find_kernel32_base_method_1
Author: Didier Stevens (https://DidierStevens.com)
Rule name: PE_Digital_Certificate
Author: albertzsigovits
Rule name: PE_Potentially_Signed_Digital_Certificate
Author: albertzsigovits
Rule name: RIPEMD160_Constants
Author: phoul (@phoul)
Description: Look for RIPEMD-160 constants
Rule name: SelfExtractingRAR
Author: Xavier Mertens
Description: Detects an SFX archive with automatic script execution
Rule name: SHA1_Constants
Author: phoul (@phoul)
Description: Look for SHA1 constants

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments